Security Bulletin
Summary
Multiple vulnerabilities in WebSphere Application Server traditional and WebSphere Application Server Liberty bundled with IBM Jazz Team Server based Applications affect the following products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) and Rational Software Architect Design Manager (RSA DM).
Vulnerability Details
CVEID: CVE-2018-1770
DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148686 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2018-1793
DESCRIPTION: IBM WebSphere Application Server using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148948 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2014-7810
DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103155 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2018-1794
DESCRIPTION: IBM WebSphere Application Server using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148949 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
Rational Collaborative Lifecycle Management 5.0 - 6.0.6
Rational Quality Manager 5.0 - 5.0.2
Rational Quality Manager 6.0 - 6.0.6
Rational Team Concert 5.0 - 5.0.2
Rational Team Concert 6.0 - 6.0.6
Rational DOORS Next Generation 5.0 - 5.0.2
Rational DOORS Next Generation 6.0 - 6.0.6
Rational Engineering Lifecycle Manager 5.0 - 5.0.2
Rational Engineering Lifecycle Manager 6.0 - 6.0.6
Rational Rhapsody Design Manager 5.0 - 5.0.2
Rational Rhapsody Design Manager 6.0 - 6.0.6
Remediation/Fixes
The IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server traditional and WebSphere Application Server Liberty with the available versions of the products, and in addition to the bundled version some previous versions of WAS are also supported.
For vulnerability details/affected versions/Remediation and fixes, review the Security Bulletins:
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Acknowledgement
CVE-2018-1770 vulnerability was reported to IBM by Jacob Baines
CVE-2018-1793 and CVE-2018-1794 vulnerabilities were reported to IBM by Benoit Ct-Jodoin
Change History
26 October 2018: Initial publication
31 October 2018: Third party acknowledgement info added
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
Advisory 12851, 12980, 12982, 13142
Product Synonym
Rational DOORS Next Generation;Rational Team Concert;Rational Quality Manager;Rational Engineering Lifecycle Manager;Rational Collaborative Lifecycle Management Solution
Was this topic helpful?
Document Information
Modified date:
28 April 2021
Initial Publish date:
26 October 2018
UID
ibm10737549