cbcvebase.
CVE-2018-1758
published 2019-06-27

CVE-2018-1758: IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…

medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605.

Affected

19 ranges
VendorProductVersion rangeFixed in
exiv2exiv2>= 0 < 0.23-1ubuntu2.20.23-1ubuntu2.2
exiv2exiv2>= 0 < 0.25-2.1ubuntu16.04.30.25-2.1ubuntu16.04.3
exiv2exiv2>= 0 < 0.25-3.1ubuntu0.18.04.20.25-3.1ubuntu0.18.04.2
ibmrational_collaborative_lifecycle_management
ibmrational_collaborative_lifecycle_management
ibmrational_collaborative_lifecycle_management
ibmrational_collaborative_lifecycle_management
ibmrational_collaborative_lifecycle_management
ibmrational_collaborative_lifecycle_management
ibmrational_collaborative_lifecycle_management
ibmrational_collaborative_lifecycle_management
ibmrational_collaborative_lifecycle_management6.0 – 6.0.6.1
ibmrational_doors_next_generation6.0 – 6.0.6.1
ibmrational_engineering_lifecycle_manager6.0 – 6.0.6.1
ibmrational_quality_manager6.0 – 6.0.6.1
ibmrational_rhapsody_design_manager6.0 – 6.0.6.1
ibmrational_software_architect_design_manager6.0 – 6.0.1
ibmrational_team_concert6.0 – 6.0.6.1
ibmrhapsody_model_manager6.0.5 – 6.0.6.1

CVSS provenance

nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv7.5HIGH