CVE-2018-1688: XSS
First published: Fri Mar 08 2019(Updated: )
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145509.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Collaborative Lifecycle Management | >=5.0<=6.0.6 | |
| IBM Rational DOORS Next Generation | >=5.0<=6.0.6 | |
| IBM Rational Engineering Lifecycle Manager | >=5.0<=6.0.6 | |
| IBM Rational Quality Manager | >=5.0<=6.0.6 | |
| IBM Rational Rhapsody Design Manager | >=5.0<=6.0.6 | |
| IBM Rational Software Architect Design Manager | >=5.0<=6.0.1 | |
| IBM Rational Team Concert | >=5.0<=6.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1688?
CVE-2018-1688 is a vulnerability in IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.
How severe is CVE-2018-1688?
CVE-2018-1688 has a severity rating of 5.4, which is considered medium.
Which software versions are affected by CVE-2018-1688?
IBM Rational Collaborative Lifecycle Management versions 5.0 through 6.0.6, IBM Rational DOORS Next Generation versions 5.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager versions 5.0 through 6.0.6, IBM Rational Quality Manager versions 5.0 through 6.0.6, IBM Rational Rhapsody Design Manager versions 5.0 through 6.0.6, IBM Rational Software Architect Design Manager versions 5.0 through 6.0.1, and IBM Rational Team Concert versions 5.0 through 6.0.6 are affected by CVE-2018-1688.
How can CVE-2018-1688 be exploited?
CVE-2018-1688 can be exploited by injecting arbitrary JavaScript code into the Web UI of affected software versions, which can alter the intended functionality and potentially lead to disclosure of credentials.
Is there a fix available for CVE-2018-1688?
Yes, IBM has released fixes for the affected software versions to address the vulnerability. It is recommended to update to the latest available version.
- collector/nvd-index
- agent/event
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm rational collaborative lifecycle management
- version/ibm rational collaborative lifecycle management/5.0
- version/ibm rational collaborative lifecycle management/6.0.6
- canonical/ibm rational doors next generation
- version/ibm rational doors next generation/5.0
- version/ibm rational doors next generation/6.0.6
- canonical/ibm rational engineering lifecycle manager
- version/ibm rational engineering lifecycle manager/5.0
- version/ibm rational engineering lifecycle manager/6.0.6
- canonical/ibm rational quality manager
- version/ibm rational quality manager/5.0
- version/ibm rational quality manager/6.0.6
- canonical/ibm rational rhapsody design manager
- version/ibm rational rhapsody design manager/5.0
- version/ibm rational rhapsody design manager/6.0.6
- canonical/ibm rational software architect design manager
- version/ibm rational software architect design manager/5.0
- version/ibm rational software architect design manager/6.0.1
- canonical/ibm rational team concert
- version/ibm rational team concert/5.0
- version/ibm rational team concert/6.0.6