CVE-2018-1560Cross-site Scripting in IBM Rational Engineering Lifecycle Manager

CWE-79Cross-site ScriptingCWE-693Protection Mechanism FailureCWE-667Improper Locking6 documents5 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 63.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Rational Engineering Lifecycle Manager
Timeline
PublishedSep 25
Latest updateMay 13

Description

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142958.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-wwm4-9m5f-88qw: IBM Rational Engineering Lifecycle Manager 52022-05-13
CVEList
CVE-2018-1560: IBM Rational Engineering Lifecycle Manager 52018-09-25

💥Exploits & PoCs

1
Exploit-DB
Disk Pulse Enterprise 10.4.18 - 'Import Command' Buffer Overflow (SEH)2018-02-21

📋Vendor Advisories

2
Cisco
Cisco Aironet 1560, 1800, 2800, and 3800 Series Access Points Denial of Service Vulnerability2018-10-17
Cisco
Cisco Aironet Access Points Central Web Authentication FlexConnect Client ACL Bypass Vulnerability2018-05-02
CVE-2018-1560 — Cross-site Scripting in IBM | cvebase