===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2947
        Security Bulletin: Multiple Security Vulnerabilities affect
                    IBM(R) Rational(R) Quality Manager
                              1 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Rational Quality Manager
Publisher:         IBM
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Overwrite Arbitrary Files -- Existing Account      
                   Denial of Service         -- Remote/Unauthenticated
                   Cross-site Scripting      -- Existing Account      
                   Access Confidential Data  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1692 CVE-2018-1691 CVE-2018-1605
                   CVE-2018-1601 CVE-2018-1557 CVE-2018-1522
                   CVE-2018-1440 CVE-2018-1439 CVE-2018-1405
                   CVE-2018-1404 CVE-2018-1403 CVE-2018-1395
                   CVE-2017-5662 CVE-2017-1649 CVE-2010-2232
                   CVE-2009-4521  

Reference:         ASB-2018.0179
                   ASB-2018.0177
                   ASB-2018.0159
                   ESB-2017.2153
                   ESB-2017.2028
                   ESB-2017.1175

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm10733078

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple Security Vulnerabilities affect IBM(R) Rational(R)
Quality Manager

Document information

More support for: Rational Quality Manager

Software version: 5.0.x, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6

Operating system(s): Platform Independent

Reference #: 0733078

Modified date: 27 September 2018

Security Bulletin

Summary

IBM(R) Rational(R) Quality Manager is vulnerable to multiple security
vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-1649
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
133259 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1395
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
138427 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1405
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
138441 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1404
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
138440 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1403
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
138439 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1439
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139589 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1440
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139595 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1522
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
141803 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1557
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
142955 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1601
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
143791 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2010-2232
DESCRIPTION: Apache Derby could allow a remote attacker to overwrite arbitrary
files, caused by a flaw in the Export functionality. An attacker could exploit
this vulnerability to overwrite arbitrary files on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
134130 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-5662
DESCRIPTION: Apache Batik could allow a remote authenticated attacker to obtain
sensitive information, caused by an XML external entity (XXE) error when
processing XML data. By using a specially-crafted SVG file, a remote attacker
could exploit this vulnerability to obtain sensitive information or possibly
cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
125198 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2009-4521
DESCRIPTION: Eclipse BIRT is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the report viewer. A remote
attacker could exploit this vulnerability using the __report parameter to
inject malicious script into a Web page which would be executed in a victim's
Web browser within the security context of the hosting Web site, once the page
is viewed. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials. Note: KonaKart uses BIRT and is also
vulnerable.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
53773 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2018-1605
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
143795 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1692
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
145583 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1691
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
145582 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Rational Collaborative Lifecycle Management 5.0 - 6.0.6

Rational Quality Manager 6.0 - 6.0.6
Rational Quality Manager 5.0 - 5.0.2

Remediation/Fixes

For the 6.0.x releases, upgrade to one of:

  o Version 6.0.6 iFix002 or later
      - Rational Quality Manager 6.0.6 iFix002
  o Version 6.0.5 iFix008 or later
      - Rational Quality Manager 6.0.5 iFix008
  o Version 6.0.4 iFix011 (addresses CVE-2017-1649 and CVE-2018-1557 only)
      - Rational Quality Manager 6.0.4 iFix011
  o Version 6.0.2 iFix017 or later
      - Rational Quality Manager 6.0.2 iFix018

For the 5.x releases, upgrade to version 5.0.2 iFix26 or later:

  o Rational Quality Manager 5.0.2 iFix27

Workarounds and Mitigations

None

Change History

27 September 2018: Initial publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

                          Cross reference information
Product                                      Platform              Version
Rational Collaborative Lifecycle Management  Platform Independent  5.0.x, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================