PT-2018-13783 · Ibm · Ibm Rational Doors Next Generation+7
Published: 2018-11-06 · Updated: 2020-08-24 · CVE-2018-1694
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Jazz applications (IBM Rational Collaborative Lifecycle Management versions 5.0 through 5.02 and 6.0 through 6.0.6)
IBM Rational DOORS Next Generation versions 5.0 through 5.02 and 6.0 through 6.0.6
IBM Rational Engineering Lifecycle Manager versions 5.0 through 5.02 and 6.0 through 6.0.6
IBM Rational Quality Manager versions 5.0 through 5.02 and 6.0 through 6.0.6
IBM Rational Rhapsody Design Manager versions 5.0 through 5.02 and 6.0 through 6.0.6
IBM Rational Software Architect Design Manager versions 5.0 through 5.02 and 6.0 through 6.0.1
IBM Rational Team Concert versions 5.0 through 5.02 and 6.0 through 6.0.6
Description
The affected products fail to properly enable HTTP Strict Transport Security (HSTS). A remote attacker could exploit this to obtain sensitive information using man-in-the-middle techniques.
Recommendations
For IBM Rational Collaborative Lifecycle Management versions 5.0 through 5.02 and 6.0 through 6.0.6, update to a version that properly enables HTTP Strict Transport Security.
For IBM Rational DOORS Next Generation versions 5.0 through 5.02 and 6.0 through 6.0.6, update to a version that properly enables HTTP Strict Transport Security.
For IBM Rational Engineering Lifecycle Manager versions 5.0 through 5.02 and 6.0 through 6.0.6, update to a version that properly enables HTTP Strict Transport Security.
For IBM Rational Quality Manager versions 5.0 through 5.02 and 6.0 through 6.0.6, update to a version that properly enables HTTP Strict Transport Security.
For IBM Rational Rhapsody Design Manager versions 5.0 through 5.02 and 6.0 through 6.0.6, update to a version that properly enables HTTP Strict Transport Security.
For IBM Rational Software Architect Design Manager versions 5.0 through 5.02 and 6.0 through 6.0.1, update to a version that properly enables HTTP Strict Transport Security.
For IBM Rational Team Concert versions 5.0 through 5.02 and 6.0 through 6.0.6, update to a version that properly enables HTTP Strict Transport Security.
Affected Products
Ibm Jazz
Ibm Rational Collaborative Lifecycle Management
Ibm Rational Doors Next Generation
Ibm Rational Engineering Lifecycle Manager
Ibm Rational Quality Manager
Rational Rhapsody Design Manager
Ibm Rational Software Architect Design Manager
Ibm Rational Team Concert