CVE-2018-1694

Published Nov 6, 2018

Last updated 4 days ago

CVSS medium 5.9

Overview

Description: IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "667D04CD-BC8D-4CEB-B502-8D1379B7B436",
            "versionEndIncluding": "6.0.6",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5C09499-13C3-4F91-A68D-C8FEB77B18DE",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DDB2D08-0405-4BFD-9DBE-0AD8589B18FF",
            "versionEndIncluding": "6.0.6",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BABC587-0E98-4CE1-AD8C-4045D3CA2941",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74E00B0B-14E3-4799-9FD6-63418A8086F2",
            "versionEndIncluding": "6.0.6",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EB5653C-C3DD-471B-B644-6E3128CA7401",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45C503A9-6837-4EBD-87E5-2CA76AF85B79",
            "versionEndIncluding": "6.0.6",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A1EBFE0-1EA4-46A9-866B-3ED2E1187612",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA1F2828-9730-4474-82B4-E08AD40CBAAD",
            "versionEndIncluding": "6.0.6",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A48EFB76-A843-46B9-8840-83DC35330DD3",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98DCDC04-6FD5-49CB-BC20-757A69C4AC0C",
            "versionEndIncluding": "6.0.1",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "909CD52D-BC7A-467F-A88B-15150C6A41ED",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8789F641-3AFA-4262-B554-DEB4270D1DB5",
            "versionEndIncluding": "6.0.6",
            "versionStartIncluding": "6.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References