Vulnerability Details CVE-2018-1585
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143498.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 47.2%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2018-1585
-
cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0
-
cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0
-
cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1
-
cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2
-
cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0
-
cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0
-
cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1
-
cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2
-
cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.3
-
cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.4
-
cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.5
-
cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0
-
cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0
-
cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1
-
cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2
-
cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0
-
cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0
-
cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1