CVE-2018-1549 — Injection in IBM Rational Quality Manager

CWE-74 — Injection5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 70.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Quality Manager

Timeline

PublishedJul 10

Latest updateMay 13

Description

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 142658.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDibm/rational_quality_manager5.0 — 5.0.2+1

▶CVEListV5ibm/rational_quality_manager9 versions+8

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-p4j4-x67w-62jj: IBM Rational Quality Manager 5↗2022-05-13

▶

CVEList

CVE-2018-1549: IBM Rational Quality Manager 5↗2018-07-10

▶

📋Vendor Advisories

Red Hat

ntp: Ephemeral association time spoofing additional protection↗2018-02-27

▶

💬Community

Bugzilla

CVE-2018-7170 ntp: Ephemeral association time spoofing additional protection↗2018-02-28

▶