3.5
CVSSv2

CVE-2018-1688

Published: 14/03/2019 Updated: 16/04/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 up to and including 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145509.

Vulnerability Trend

Affected Products

Vendor Product Versions
IbmRational Collaborative Lifecycle Management5.0, 5.0.0, 5.0.1, 5.0.2, 6.0, 6.0.0, 6.0.1, 6.0.3, 6.0.4, 6.0.5, 6.0.6
IbmRational Doors Next Generation5.0, 5.0.0, 5.0.1, 5.0.2, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6
IbmRational Engineering Lifecycle Manager5.0, 5.0.0, 5.0.1, 5.0.2, 6.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.6
IbmRational Quality Manager5.0, 5.0.0, 5.0.1, 5.0.2, 6.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6
IbmRational Rhapsody Design Manager5.0, 5.0.0, 5.0.1, 5.0.2, 6.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6
IbmRational Software Architect Design Manager5.0, 5.0.0, 5.0.1, 5.0.2, 6.0, 6.0.0, 6.0.1
IbmRational Team Concert5.0, 5.0.0, 5.0.1, 5.0.2, 6.0, 6.0.0, 6.0.1, 6.0.3, 6.0.4, 6.0.5, 6.0.6