ESB-2018.2947 - [Win][UNIX/Linux] IBM Rational Quality Manager: Multiple vulnerabilities 2018-10-01

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2947
        Security Bulletin: Multiple Security Vulnerabilities affect
                    IBM(R) Rational(R) Quality Manager
                              1 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Rational Quality Manager
Publisher:         IBM
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Overwrite Arbitrary Files -- Existing Account      
                   Denial of Service         -- Remote/Unauthenticated
                   Cross-site Scripting      -- Existing Account      
                   Access Confidential Data  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1692 CVE-2018-1691 CVE-2018-1605
                   CVE-2018-1601 CVE-2018-1557 CVE-2018-1522
                   CVE-2018-1440 CVE-2018-1439 CVE-2018-1405
                   CVE-2018-1404 CVE-2018-1403 CVE-2018-1395
                   CVE-2017-5662 CVE-2017-1649 CVE-2010-2232
                   CVE-2009-4521  

Reference:         ASB-2018.0179
                   ASB-2018.0177
                   ASB-2018.0159
                   ESB-2017.2153
                   ESB-2017.2028
                   ESB-2017.1175

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm10733078

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple Security Vulnerabilities affect IBM(R) Rational(R)
Quality Manager

PSIRT; security

Document information

More support for: Rational Quality Manager

Software version: 5.0.x, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6

Operating system(s): Platform Independent

Reference #: 0733078

Modified date: 27 September 2018

Security Bulletin

Summary

IBM(R) Rational(R) Quality Manager is vulnerable to multiple security
vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-1649
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
133259 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1395
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
138427 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1405
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
138441 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1404
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
138440 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1403
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
138439 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1439
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139589 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1440
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139595 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1522
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
141803 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1557
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
142955 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1601
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
143791 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2010-2232
DESCRIPTION: Apache Derby could allow a remote attacker to overwrite arbitrary
files, caused by a flaw in the Export functionality. An attacker could exploit
this vulnerability to overwrite arbitrary files on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
134130 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-5662
DESCRIPTION: Apache Batik could allow a remote authenticated attacker to obtain
sensitive information, caused by an XML external entity (XXE) error when
processing XML data. By using a specially-crafted SVG file, a remote attacker
could exploit this vulnerability to obtain sensitive information or possibly
cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
125198 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2009-4521
DESCRIPTION: Eclipse BIRT is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the report viewer. A remote
attacker could exploit this vulnerability using the __report parameter to
inject malicious script into a Web page which would be executed in a victim's
Web browser within the security context of the hosting Web site, once the page
is viewed. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials. Note: KonaKart uses BIRT and is also
vulnerable.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
53773 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2018-1605
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
143795 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1692
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
145583 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1691
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
145582 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Rational Collaborative Lifecycle Management 5.0 - 6.0.6

Rational Quality Manager 6.0 - 6.0.6
Rational Quality Manager 5.0 - 5.0.2

Remediation/Fixes

For the 6.0.x releases:

  o Or version 6.0.6 iFix002 or later
      - Rational Quality Manager 6.0.6 iFix002
  o Or version 6.0.5 iFix008 or later
      - Rational Quality Manager 6.0.5 iFix008

  o Or version 6.0.4 iFix011 for CVE-2017-1649 and  CVE-2018-1557 only:
      - Rational Quality Manager 6.0.4 iFix011
  o Or version 6.0.2 iFix017 or later
      - Rational Quality Manager 6.0.2 iFix018

For the 5.x releases, upgrade to version 5.0.2 iFix26 or later

  o Rational Quality Manager 5.0.2 iFix27

Workarounds and Mitigations

None

Change History

27 September 2018: Initial publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

                          Cross reference information
       Product         Component  Platform            Version           Edition
Rational Collaborative           Platform    5.0.x, 6.0, 6.0.1, 6.0.2,
 Lifecycle Management            Independent 6.0.3, 6.0.4, 6.0.5, 6.0.6

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW7FtDWaOgq3Tt24GAQh8+A//brZNGb1L4GBAM7+ajvGGOGFm9GR6RfIh
7W+228hMMQ/a9ouqE7ZDe7eYJ2UbiJtImy2MkRt8o/j2T0jyRnDOcLTMdeUmchFk
IR13eDw2cbbx/weTL1sK/rKqJqAYBiG28lN5PD3G/C78GFdtfhxEM4H8SV97v24u
uQb5MSof7Y55tz2pycmgFZNUIaAZoS32rHgy+iSgbwevI1GJeZRIxOgHmPz7XrUz
Z640G36tuHpPsZCH52TNszQENjUfu6bkbvvDePjCeYe+X4Ot3qQ47mVDfou5RIK4
v9vVL2CR9NEJ+oBxHq3Gvaw5vRaukvW8FV0HApp3SLNzXD6gaV3ZLnfFLUJfeLeS
ZV0BcHKAR/YVQVP8pn6pAWUWx5ymBK56k/Yexf1RxQjGuaR/vgAZxstEp/AldP4c
14p5S0EHOh544HpHd+8H2xIQDsOZVsGVKcUfIHow9i1vNT8ynGKA9BwFVnSNFlVx
pQCheLTMvXMfeUWFIGEmjIcv2GewEQHTvJevdVnO7sgj5SA32wKdqltaFb+KNluC
V8FHdyqvD3zw2AU+fDSuy0u5jKMt4N/SWL0bU9AHMb6aFaxkILtlwghVoO18h2mT
UYF/onNNBfRJlcITeBn1mhZG7HuXdg5BvQkoOSjbs6w79vSgz4hPPYiogaxsVKPl
4EJxK6aR17M=
=mRpx
-----END PGP SIGNATURE-----

« Back to bulletins