Skip to main content

Rational Engineering Lifecycle Manager CVE-2018-1539

MEDIUM
Improper Authentication (CWE-287)
2018-09-25 psirt@us.ibm.com
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 25, 2018 - 15:29 nvd
MEDIUM 6.5

DescriptionNVD

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.

AnalysisAI

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561. Affected products include: Ibm Rational Engineering Lifecycle Manager. Version information: through 5.02.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2017-1099 MEDIUM
4.3 Jun 13

IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error cond

CVE-2021-29844 HIGH
8.8 Oct 27

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this

CVE-2016-9707 HIGH
8.1 Mar 31

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when pr

CVE-2021-29774 HIGH
7.5 Oct 27

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configuratio

CVE-2019-4252 HIGH
7.5 Jun 27

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directorie

CVE-2021-20502 HIGH
7.1 Mar 30

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. R

CVE-2018-1846 HIGH
7.1 Nov 02

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Enti

CVE-2018-1607 HIGH
7.1 Sep 25

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity

CVE-2018-1588 HIGH
7.1 Sep 25

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to

CVE-2015-1928 MEDIUM
6.8 Jan 02

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF

CVE-2018-1492 MEDIUM
6.8 Jul 10

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the

CVE-2021-29786 MEDIUM
6.5 Oct 27

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. Rated me

Share

CVE-2018-1539 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy