PT-2018-13783 · IBM · IBM Rational DOORS Next Generation+7
Published: 2018-11-06 · Updated: 2020-08-24
CVE-2018-1694
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Jazz applications (IBM Rational Collaborative Lifecycle Management versions 5.0 through 5.02 and 6.0 through 6.0.6)
IBM Rational DOORS Next Generation versions 5.0 through 5.02 and 6.0 through 6.0.6
IBM Rational Engineering Lifecycle Manager versions 5.0 through 5.02 and 6.0 through 6.0.6
IBM Rational Quality Manager versions 5.0 through 5.02 and 6.0 through 6.0.6
IBM Rational Rhapsody Design Manager versions 5.0 through 5.02 and 6.0 through 6.0.6
IBM Rational Software Architect Design Manager versions 5.0 through 5.02 and 6.0 through 6.0.1
IBM Rational Team Concert versions 5.0 through 5.02 and 6.0 through 6.0.6
Description
The issue is caused by the failure to properly enable HTTP Strict Transport Security. A remote attacker could exploit this to obtain sensitive information using man-in-the-middle techniques.
Recommendations
For IBM Rational Collaborative Lifecycle Management versions 5.0 through 5.02 and 6.0 through 6.0.6, update to a version that properly enables HTTP Strict Transport Security.
For IBM Rational DOORS Next Generation versions 5.0 through 5.02 and 6.0 through 6.0.6, update to a version that properly enables HTTP Strict Transport Security.
For IBM Rational Engineering Lifecycle Manager versions 5.0 through 5.02 and 6.0 through 6.0.6, update to a version that properly enables HTTP Strict Transport Security.
For IBM Rational Quality Manager versions 5.0 through 5.02 and 6.0 through 6.0.6, update to a version that properly enables HTTP Strict Transport Security.
For IBM Rational Rhapsody Design Manager versions 5.0 through 5.02 and 6.0 through 6.0.6, update to a version that properly enables HTTP Strict Transport Security.
For IBM Rational Software Architect Design Manager versions 5.0 through 5.02 and 6.0 through 6.0.1, update to a version that properly enables HTTP Strict Transport Security.
For IBM Rational Team Concert versions 5.0 through 5.02 and 6.0 through 6.0.6, update to a version that properly enables HTTP Strict Transport Security.
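To confirm after an update that responses carry an HSTS policy a browser will actually honour, the header can be checked as in the following added example, which is not IBM's code or part of this advisory. It follows the header rules of RFC 6797; the one-year MIN_MAX_AGE threshold, the function names and the sample responses are assumptions constructed for illustration.

```python
import re

MIN_MAX_AGE = 31536000  # assumed threshold (one year); not from the advisory

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; ValueError if a UA would ignore it."""
    seen = {}
    for part in value.split(";"):
        name, _, raw = part.strip().partition("=")
        name, raw = name.strip().lower(), raw.strip()  # names are case-insensitive
        if not name:
            continue  # empty directives are allowed by the grammar
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]  # quoted-string values are allowed
        if name in seen:
            raise ValueError("duplicate directive: " + name)
        seen[name] = raw
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        raise ValueError("max-age missing or not a non-negative integer")
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def check_response(scheme, headers):
    """Return findings for one response; an empty list means the policy is usable."""
    if scheme != "https":  # user agents ignore HSTS received over plain HTTP
        return ["not HTTPS: any HSTS header is ignored"]
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["Strict-Transport-Security header missing"]
    try:
        policy = parse_hsts(values[0])  # only the first such header is processed
    except ValueError as exc:
        return ["header ignored: %s" % exc]
    if policy["max_age"] == 0:
        return ["max-age=0 tells the browser to drop the HSTS entry"]
    if policy["max_age"] < MIN_MAX_AGE:
        return ["max-age below %d seconds" % MIN_MAX_AGE]
    return []

# Constructed sample responses (not captured from any real server).
SAMPLES = [
    ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    ("https", [("Content-Type", "text/html")]),
    ("https", [("strict-transport-security", 'max-age="0"')]),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, headers, "->", check_response(scheme, headers) or "OK")
```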
Fix
Related identifiers
Affected products
IBM Jazz
IBM Rational Collaborative Lifecycle Management
IBM Rational DOORS Next Generation
IBM Rational Engineering Lifecycle Manager
IBM Rational Quality Manager
Rational Rhapsody Design Manager
IBM Rational Software Architect Design Manager
IBM Rational Team Concert