Apr 28, 2021 - 6:35 p.m.

Security Bulletin: Multiple Cross-site scripting vulnerabilities affect IBM® Rational® Team Concert

2021-04-28 18:35:50
www.ibm.com
ibm rational team concert
cross-site scripting
vulnerability
credentials disclosure
rtc
security bulletin

EPSS: 0.001 (percentile: 26.3%)

Summary

IBM Team Concert (RTC) is affected by multiple cross-site scripting vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-1761
DESCRIPTION: IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148615> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1984
DESCRIPTION: IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154137> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1983
DESCRIPTION: IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154136> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1982
DESCRIPTION: IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154135> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Rational Collaborative Lifecycle Management 5.0 - 6.0.6

Rational Team Concert 5.0 - 5.0.2
Rational Team Concert 6.0 - 6.0.6

Remediation/Fixes

For the 6.0 - 6.0.6 releases:

For the 5.x releases, upgrade to version 5.0.2 iFix29 or later (planned publication within 30 days)

Workarounds and Mitigations

None
