CVE-2018-1535

Опубликовано: 19 июл. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124557.

Ссылки

http://www.ibm.com/support/docview.wss?uid=ibm10716029
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/142557
VDB Entry
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=ibm10716029
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/142557
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.5 (включая)

cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.1 (включая)

EPSS

Процентиль: 37%

0.00158

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2px8-4f7q-6fxj