Vulnerability Details : CVE-2018-1606
IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796.
Vulnerability category: Information leak
Products affected by CVE-2018-1606
- cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*
- IBM » Rational Software Architect Design Manager, versions from (>=) 6.0.0 up to and including (<=) 6.0.1: cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*
- IBM » Rational Software Architect Design Manager, versions from (>=) 5.0.0 up to and including (<=) 5.0.2: cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*
- IBM » Rational Collaborative Lifecycle Management, versions from (>=) 5.0.0 up to and including (<=) 6.0.6: cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*
- IBM » Rational Doors Next Generation, versions from (>=) 6.0.0 up to and including (<=) 6.0.6: cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*
- IBM » Rational Doors Next Generation, versions from (>=) 5.0.0 up to and including (<=) 5.0.2: cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*
- IBM » Rational Rhapsody Design Manager, versions from (>=) 5.0.0 up to and including (<=) 5.0.2: cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*
- IBM » Rational Rhapsody Design Manager, versions from (>=) 6.0.0 up to and including (<=) 6.0.6: cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*
- IBM » Rational Engineering Lifecycle Manager, versions from (>=) 6.0.0 up to and including (<=) 6.0.6: cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*
- IBM » Rational Engineering Lifecycle Manager, versions from (>=) 5.0.0 up to and including (<=) 5.0.2: cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1606
- EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
- Percentile: ~19% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-1606
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | IBM Corporation | |
CWE ids for CVE-2018-1606
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1606
- http://www.ibm.com/support/docview.wss?uid=ibm10738301
  IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology (Vendor Advisory; Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/143796
  IBM Jazz information disclosure CVE-2018-1606 Vulnerability Report (VDB Entry; Vendor Advisory)