PT-2018-13008 · Ibm · Ibm Rational Engineering Lifecycle Manager

Published

2018-09-25

Updated

2019-10-09

CVE-2018-1539

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions IBM Rational Engineering Lifecycle Manager versions 5.0 through 5.02 IBM Rational Engineering Lifecycle Manager versions 6.0 through 6.0.6

Description The issue allows remote attackers to bypass authentication by making a direct request or using forced browsing to access a page other than the intended URL.

Recommendations For versions 5.0 through 5.02, update to a version outside of this range to resolve the issue. For versions 6.0 through 6.0.6, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to sensitive pages to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2018-1539

Affected Products

Ibm Rational Engineering Lifecycle Manager

PT-2018-13008 · Ibm · Ibm Rational Engineering Lifecycle Manager

CVE-2018-1539

Weakness Enumeration

Related Identifiers

Affected Products

References · 4