Security Bulletin: Security vulnerabilities affect IBM® Rational® Team Concert

2021-04-2818:35:50

www.ibm.com

ibm rational team concert

cross-site scripting

vulnerabilities

cve-2018-1408

cve-2018-1407

cve-2018-1521

rational collaborative lifecycle management

6.0.5

6.0.2

5.0.2

ifix05

ifix17

ifix26

EPSS

0.001

Percentile

19.0%

JSON

Summary

IBM Team Concert (RTC) is vulnerable to multiple cross-site scripting vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-1408 DESCRIPTION: IBM Team Concert (RTC)) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138446> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1407 DESCRIPTION: IBM Team Concert (RTC)) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138445> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1521 DESCRIPTION: IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141802> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)