-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.2298.2
        Security Bulletin: Security vulnerabilities affect multiple
            IBM Rational products based on IBM Jazz technology
                                4 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Rational products
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Solaris
                   Windows
                   Apple iOS
Impact/Access:     Cross-site Scripting     -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-4252 CVE-2019-4250 CVE-2019-4249
                   CVE-2019-4084 CVE-2019-4083 CVE-2018-1893
                   CVE-2018-1892 CVE-2018-1828 CVE-2018-1827
                   CVE-2018-1826 CVE-2018-1760 CVE-2018-1758
                   CVE-2018-1734  

Reference:         ASB-2019.0002
                   ESB-2019.1793
                   ESB-2019.1390
                   ESB-2019.0854
                   ESB-2019.0613
                   ESB-2019.1025.2

Original Bulletin: 
   https://www-01.ibm.com/support/docview.wss?uid=ibm10956525

Revision History:  July  4 2019: Vendor updated affected product list
                   June 26 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Security vulnerabilities affect multiple IBM Rational
products based on IBM Jazz technology

Document information

More support for: Rational Collaborative Lifecycle Management

Software version: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.6.1

Operating system(s): Platform Independent

Reference #: 0956525

Modified date: 03 July 2019

Summary

Multiple security vulnerabilities in components used by the following products
may affect those products: Collaborative Lifecycle Management (CLM), Rational
DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM),
Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody
Design Manager (Rhapsody DM), IBM Rhapsody Model Manager and Rational Software
Architect Design Manager (RSA DM).

Vulnerability Details

CVEID: CVE-2019-4252
DESCRIPTION: IBM Team Concert (RTC) could allow a remote attacker to traverse
directories on the system. An attacker could send a specially-crafted URL
request containing "dot dot" sequences (/../) to view arbitrary files on the
system.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159883
  for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
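The traversal described above is the classic "dot dot" escape from a document root. The following is an added example, not code from IBM or from the affected products: it shows the canonicalise-then-compare check a file-serving handler should apply, and reuses that same check as a detector over constructed access-log lines. The document root /srv/app/static, the /files/ URL prefix and the log lines are assumptions made for the example.

```python
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Hypothetical document root and URL prefix for the example (not from the bulletin).
DOC_ROOT = "/srv/app/static"
URL_PREFIX = "/files/"


def resolve_under_root(root: str, requested: str) -> Optional[str]:
    """Map a client-supplied relative path onto `root`.

    Returns the canonical absolute path when it stays inside `root`, or None
    when the request would escape it. The defence is canonicalise-then-compare:
    decode percent-encoding (twice, so %252e%252e is caught), normalise the
    path, and check the prefix. A plain "../" pattern match would miss encoded
    variants and would also reject the harmless "docs/../README".
    """
    decoded = unquote(unquote(requested)).replace("\\", "/")
    if "\x00" in decoded:  # an embedded NUL is never legitimate in a path
        return None
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, decoded.lstrip("/")))
    if candidate == root_norm or candidate.startswith(root_norm + "/"):
        return candidate
    return None


# Constructed access-log lines (combined-log style) for the detection pass.
SAMPLE_LOG = [
    '10.0.0.5 - alice [26/Jun/2019:10:01:02 +1000] "GET /files/report.pdf HTTP/1.1" 200 1024',
    '10.0.0.9 - bob [26/Jun/2019:10:01:07 +1000] "GET /files/../../../conf/server.xml HTTP/1.1" 200 1450',
    '10.0.0.9 - bob [26/Jun/2019:10:01:09 +1000] "GET /files/%2e%2e/%2e%2e/secret.txt HTTP/1.1" 200 200',
    '10.0.0.9 - bob [26/Jun/2019:10:01:11 +1000] "GET /files/%252e%252e/config.xml?v=1 HTTP/1.1" 200 300',
    '10.0.0.7 - carol [26/Jun/2019:10:02:00 +1000] "GET /files/docs/../README HTTP/1.1" 200 512',
]

_REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/'
)


def flag_traversal_requests(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client, user, path) for every request under URL_PREFIX that
    resolve_under_root refuses. Re-running the server-side check over the log
    is more precise than grepping for "../": it catches encoded forms and does
    not flag "docs/../README", which never leaves the root."""
    hits = []
    for line in lines:
        m = _REQUEST_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if not path.startswith(URL_PREFIX):
            continue
        if resolve_under_root(DOC_ROOT, path[len(URL_PREFIX):]) is None:
            hits.append((m.group("client"), m.group("user"), m.group("path")))
    return hits


if __name__ == "__main__":
    for client, user, path in flag_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {client} ({user}): {path}")
```

posixpath.normpath works on the string only; in a real handler, follow the prefix check with os.path.realpath on the resolved path so that a symlink inside the root cannot point outside it.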
  
CVEID: CVE-2019-4249
DESCRIPTION: IBM Team Concert (RTC) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159647
  for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1758
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148605
  for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1760
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148614
  for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1826
DESCRIPTION: IBM Rational Quality Manager (RQM) is vulnerable to cross-site
scripting. This vulnerability allows users to embed arbitrary JavaScript code
in the Web UI thus altering the intended functionality potentially leading to
credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/150429
  for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1827
DESCRIPTION: IBM Rational Quality Manager (RQM) is vulnerable to cross-site
scripting. This vulnerability allows users to embed arbitrary JavaScript code
in the Web UI thus altering the intended functionality potentially leading to
credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/150430
  for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1828
DESCRIPTION: IBM Rational Quality Manager (RQM) is vulnerable to cross-site
scripting. This vulnerability allows users to embed arbitrary JavaScript code
in the Web UI thus altering the intended functionality potentially leading to
credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/150431
  for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1893
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/152157
  for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1892
DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web
UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/152156
  for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-4250
DESCRIPTION: IBM Jazz Foundation is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI
thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159648
  for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1734
DESCRIPTION: IBM Rhapsody Model Manager discloses sensitive information in
error messages that may be used by a malicious user to orchestrate further
attacks.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/147838
  for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-4083
DESCRIPTION: IBM Jazz Foundation is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI
thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/157383
  for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
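The cross-site scripting entries above (CVE-2019-4249, CVE-2018-1758, CVE-2018-1760, CVE-2018-1826, CVE-2018-1827, CVE-2018-1828, CVE-2018-1893, CVE-2018-1892, CVE-2019-4250 and CVE-2019-4083) all describe the same failure: user-supplied text reaching the Web UI without output encoding for its context. The following is an added example, not code from IBM or from the Jazz products: it contrasts the unencoded pattern with context-aware encoding, shows why encoding alone does not cover a URL attribute, and gives a Content-Security-Policy header as a second layer. The comment and URL inputs are constructed for the example.

```python
import html
from urllib.parse import urlsplit


def render_comment_unsafe(author: str, body: str) -> str:
    """The pattern behind stored XSS: user input concatenated into HTML as-is."""
    return f'<div class="comment"><b>{author}</b>: {body}</div>'


def render_comment_safe(author: str, body: str) -> str:
    """Same fragment with output encoding for the HTML text context.
    html.escape(quote=True) turns <, >, &, " and ' into entities, so the
    browser renders the input as text rather than parsing it as markup."""
    return (f'<div class="comment"><b>{html.escape(author, quote=True)}</b>: '
            f'{html.escape(body, quote=True)}</div>')


def safe_href(url: str) -> str:
    """Encoding is not enough for a URL attribute: a 'javascript:' scheme
    survives html.escape untouched. Allow only absolute http/https URLs in
    this example (relative URLs are rejected too), then escape for the
    attribute context."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_profile_link(display_name: str, url: str) -> str:
    """Link rendered with both defences: scheme allow-list plus encoding."""
    return f'<a href="{safe_href(url)}">{html.escape(display_name, quote=True)}</a>'


def content_security_policy() -> str:
    """Defence in depth for the Web UI: a policy without 'unsafe-inline' makes
    the browser refuse an injected inline script even where an encoding gap
    remains. Hypothetical policy; tune it to the application's real sources."""
    return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"


# Constructed inputs: a stored comment carrying markup, and a profile URL
# whose scheme is a script rather than a web address.
SAMPLE_COMMENT = ("mallory", '<img src=x onerror="alert(1)">')
SAMPLE_URL = "javascript:alert(1)"

if __name__ == "__main__":
    print(render_comment_unsafe(*SAMPLE_COMMENT))
    print(render_comment_safe(*SAMPLE_COMMENT))
    print(render_profile_link("mallory", SAMPLE_URL))
    print("Content-Security-Policy:", content_security_policy())
```

In a templating engine the equivalent is leaving auto-escaping on and never marking user-derived strings as safe; the scheme allow-list is still needed wherever user data lands in href, src or similar attributes.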

CVEID: CVE-2019-4084
DESCRIPTION: IBM Jazz Foundation could allow an authenticated user to obtain
sensitive information from CLM Applications that could be used in further
attacks against the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/157384
  for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Rational Collaborative Lifecycle Management 6.0 - 6.0.6.1
Rational Quality Manager 6.0 - 6.0.6.1
Rational Team Concert 6.0 - 6.0.6.1
Rational DOORS Next Generation 6.0 - 6.0.6.1
Rational Engineering Lifecycle Manager 6.0 - 6.0.6.1
Rational Rhapsody Design Manager 6.0 - 6.0.6.1
Rational Software Architect Design Manager 6.0 - 6.0.1
IBM Rhapsody Model Manager 6.0.5 - 6.0.6.1

Remediation/Fixes

For the 6.0 - 6.0.6.1 releases:

  o Upgrade to version 6.0.6.1 iFix002 or later
       Rational Collaborative Lifecycle Management 6.0.6.1 iFix002
       Rational DOORS Next Generation 6.0.6.1 iFix002
       Rational Quality Manager 6.0.6.1 iFix002
       Rational Team Concert 6.0.6.1 iFix002
       Rational Engineering Lifecycle Manager: Upgrade to version 6.0.6.1 and
        install server from CLM 6.0.6.1 iFix002
       Rational Rhapsody Design Manager: Upgrade to version 6.0.6.1 and
        install server from CLM 6.0.6.1 iFix002
       IBM Rhapsody Model Manager: Upgrade to version 6.0.6.1 and install
        server from CLM 6.0.6.1 iFix002
       Rational Software Architect Design Manager: Upgrade to version 6.0.6.1
        and install server from CLM 6.0.6.1 iFix002

  o Or upgrade to version 6.0.6 iFix010 or later (planned publication within
    30 days)
       Rational Collaborative Lifecycle Management 6.0.6 iFix010
       Rational DOORS Next Generation 6.0.6 iFix010
       Rational Quality Manager 6.0.6 iFix010
       Rational Team Concert 6.0.6 iFix010
       Rational Engineering Lifecycle Manager: Upgrade to version 6.0.6 and
        install server from CLM 6.0.6 iFix010
       Rational Rhapsody Design Manager: Upgrade to version 6.0.6 and install
        server from CLM 6.0.6 iFix010
       IBM Rhapsody Model Manager: Upgrade to version 6.0.6 and install
        server from CLM 6.0.6 iFix010
       Rational Software Architect Design Manager: Upgrade to version 6.0.6
        and install server from CLM 6.0.6 iFix010

  o Or upgrade to version 6.0.2 iFix021 or later
       Rational Collaborative Lifecycle Management 6.0.2 iFix021
       Rational Team Concert 6.0.2 iFix021
       Rational Quality Manager 6.0.2 iFix021
       Rational DOORS Next Generation 6.0.2 iFix021
       Rational Software Architect Design Manager: Upgrade to version 6.0.2
        and install server from CLM 6.0.2 iFix021
       Rational Rhapsody Design Manager: Upgrade to version 6.0.2 and install
        server from CLM 6.0.2 iFix021
       Rational Engineering Lifecycle Manager: Upgrade to version 6.0.2 and
        install server from CLM 6.0.2 iFix021

For any prior versions of the products listed above, IBM recommends upgrading
to a fixed, supported version/release/platform of the product.

If the iFix is not found in the Fix Portal please contact IBM Support.

Workarounds and Mitigations

None


Change History

25 June 2019: Initial publication
03 July 2019: Affected products list updated

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----