CVE-2018-1529

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 53.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Doors Next Generation IBM Rational Requirements Composer

Timeline

PublishedJul 19

Latest updateMay 14

Description

IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142291.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDibm/rational_doors_next_generation5.0.0 — 5.0.2+1

▶NVDibm/rational_requirements_composer5.0.0 — 5.0.2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-wcr5-q7f2-vcxr: IBM Rational DOORS Next Generation 5↗2022-05-14

▶

CVEList

CVE-2018-1529: IBM Rational DOORS Next Generation 5↗2018-07-19

▶

💥Exploits & PoCs

Exploit-DB

iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free↗2019-01-25

▶