-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2947
   Security Bulletin: Multiple Security Vulnerabilities affect IBM(R)
                          Rational(R) Quality Manager
                               1 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Rational Quality Manager
Publisher:         IBM
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Overwrite Arbitrary Files -- Existing Account
                   Denial of Service         -- Remote/Unauthenticated
                   Cross-site Scripting      -- Existing Account
                   Access Confidential Data  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1692 CVE-2018-1691 CVE-2018-1605 CVE-2018-1601
                   CVE-2018-1557 CVE-2018-1522 CVE-2018-1440 CVE-2018-1439
                   CVE-2018-1405 CVE-2018-1404 CVE-2018-1403 CVE-2018-1395
                   CVE-2017-5662 CVE-2017-1649 CVE-2010-2232 CVE-2009-4521
Reference:         ASB-2018.0179
                   ASB-2018.0177
                   ASB-2018.0159
                   ESB-2017.2153
                   ESB-2017.2028
                   ESB-2017.1175

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=ibm10733078

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple Security Vulnerabilities affect IBM(R) Rational(R)
Quality Manager

PSIRT; security

Document information

More support for:     Rational Quality Manager
Software version:     5.0.x, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6
Operating system(s):  Platform Independent
Reference #:          0733078
Modified date:        27 September 2018

Security Bulletin

Summary

IBM(R) Rational(R) Quality Manager is vulnerable to multiple security
vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-1649
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133259
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1395
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138427
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1405
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138441
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1404
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138440
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1403
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138439
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1439
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139589
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1440
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139595
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1522
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141803
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1557
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/142955
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1601
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/143791
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2010-2232
DESCRIPTION: Apache Derby could allow a remote attacker to overwrite arbitrary
files, caused by a flaw in the Export functionality. An attacker could exploit
this vulnerability to overwrite arbitrary files on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134130
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-5662
DESCRIPTION: Apache Batik could allow a remote authenticated attacker to obtain
sensitive information, caused by an XML external entity (XXE) error when
processing XML data. By using a specially-crafted SVG file, a remote attacker
could exploit this vulnerability to obtain sensitive information or possibly
cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125198
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2009-4521
DESCRIPTION: Eclipse BIRT is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the report viewer. A remote
attacker could exploit this vulnerability using the __report parameter to
inject malicious script into a Web page which would be executed in a victim's
Web browser within the security context of the hosting Web site, once the page
is viewed. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials. Note: KonaKart uses BIRT and is also
vulnerable.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/53773
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2018-1605
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/143795
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1692
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/145583
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1691
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/145582
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Rational Collaborative Lifecycle Management 5.0 - 6.0.6
Rational Quality Manager 6.0 - 6.0.6
Rational Quality Manager 5.0 - 5.0.2

Remediation/Fixes

For the 6.0.x releases:

  o Or version 6.0.6 iFix002 or later
    - Rational Quality Manager 6.0.6 iFix002
  o Or version 6.0.5 iFix008 or later
    - Rational Quality Manager 6.0.5 iFix008
  o Or version 6.0.4 iFix011 for CVE-2017-1649 and CVE-2018-1557 only:
    - Rational Quality Manager 6.0.4 iFix011
  o Or version 6.0.2 iFix017 or later
    - Rational Quality Manager 6.0.2 iFix018

For the 5.x releases, upgrade to version 5.0.2 iFix26 or later

  o Rational Quality Manager 5.0.2 iFix27

Workarounds and Mitigations

None

Change History

27 September 2018: Initial publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Cross reference information

Product                  Component  Platform     Version                    Edition
Rational Collaborative              Platform     5.0.x, 6.0, 6.0.1, 6.0.2,
Lifecycle Management                Independent  6.0.3, 6.0.4, 6.0.5, 6.0.6

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is maintained
within your organisation, so if you do not wish to continue receiving these
bulletins you should contact your local IT manager. If you do not know who
that is, please send an email to auscert@auscert.org.au and we will forward
your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be
updated when updates to the original are made. If downloading at a later date,
it is recommended that the bulletin is retrieved directly from the author's
website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST). On call after hours for member
                emergencies only.
===========================================================================
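A triage helper added here, not part of the AusCERT or IBM bulletin: it encodes the Remediation/Fixes table and Affected Products list from the bulletin above and reports which of the sixteen listed CVEs remain open for an installed Rational Quality Manager version, including the partial-fix case of 6.0.4 iFix011. The "<stream> iFix<nnn>" version-string format and the host inventory are assumed and constructed for illustration.

```python
import re

# The 16 CVEs the bulletin lists (ESB-2018.2947 / IBM reference 0733078).
BULLETIN_CVES = frozenset({
    "CVE-2018-1692", "CVE-2018-1691", "CVE-2018-1605", "CVE-2018-1601",
    "CVE-2018-1557", "CVE-2018-1522", "CVE-2018-1440", "CVE-2018-1439",
    "CVE-2018-1405", "CVE-2018-1404", "CVE-2018-1403", "CVE-2018-1395",
    "CVE-2017-5662", "CVE-2017-1649", "CVE-2010-2232", "CVE-2009-4521",
})

# Release streams named under "Affected Products and Versions".
AFFECTED = frozenset({"5.0", "5.0.1", "5.0.2",
                      "6.0", "6.0.1", "6.0.2", "6.0.3", "6.0.4", "6.0.5", "6.0.6"})

# Minimum iFix per stream from "Remediation/Fixes" and the CVEs that level closes.
# Streams with no entry have no fix listed and must move to a fixed stream.
# 6.0.4 iFix011 is a partial fix (two CVEs only); 6.0.2 says "iFix017 or later".
FIX_LEVELS = {
    "6.0.6": (2, BULLETIN_CVES),
    "6.0.5": (8, BULLETIN_CVES),
    "6.0.4": (11, frozenset({"CVE-2017-1649", "CVE-2018-1557"})),
    "6.0.2": (17, BULLETIN_CVES),
    "5.0.2": (26, BULLETIN_CVES),
}

# Assumed inventory format: "6.0.4 iFix011"; a bare "6.0.3" is the GA build.
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+){1,2})(?:\s+iFix(\d+))?\s*$", re.IGNORECASE)

def parse_version(text):
    """'6.0.4 iFix011' -> ('6.0.4', 11); no iFix suffix means iFix level 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised RQM version string: {text!r}")
    return m.group(1), int(m.group(2) or 0)

def open_cves(text):
    """CVEs from this bulletin still unpatched on an installed RQM version."""
    stream, ifix = parse_version(text)
    if stream not in AFFECTED:
        raise ValueError(f"{stream} is outside this bulletin's affected range")
    min_ifix, fixed = FIX_LEVELS.get(stream, (None, frozenset()))
    if min_ifix is None or ifix < min_ifix:
        return set(BULLETIN_CVES)        # no fix for this stream, or below it
    return set(BULLETIN_CVES - fixed)    # empty unless the fix is partial

if __name__ == "__main__":
    # Constructed inventory for illustration, not real hosts.
    for host, ver in [("qm-prod", "6.0.6 iFix002"), ("qm-uat", "6.0.4 iFix011"),
                      ("qm-legacy", "5.0.2 iFix12"), ("qm-dev", "6.0.3 iFix004")]:
        left = open_cves(ver)
        print(f"{host:10} {ver:15} -> {'patched' if not left else sorted(left)}")
```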