Rational DOORS Web Access is affected by a cross-site scripting vulnerability.
CVEID:CVE-2018-1975
DESCRIPTION: IBM DWA is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153916> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Rational DOORS Web Access: 9.5.1 - 9.5.1.10
Rational DOORS Web Access: 9.5.2 - 9.5.2.9
Rational DOORS Web Access: 9.6.0 - 9.6.0.8
Rational DOORS Web Access: 9.6.1 - 9.6.1.11
Upgrade to the fix pack that corresponds to the version of Rational DOORS Web Access that you are running, as shown in the following table.
Rational DOORS version | Upgrade to fix pack |
---|---|
9.5.1 | |
9.5.1.1 - 9.5.1.10 | 9.5.1.11 |
9.5.2 | |
9.5.2.1 - 9.5.2.9 | 9.5.2.10 |
9.6.0 | |
9.6.0.1 - 9.6.0.8 | 9.6.0.9 |
9.6.1 | |
9.6.1.1 - 9.6.1.11 | 9.6.1.12 |
For_ Rational DOORS version 9.5.1.x and earlier, IBM recommends upgrading to a fixed, supported version/release/platform of the product._
None