Description
IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Rational Team Concert | affected |
|
|||||||||||||||||||||||||||||||||
| IBM | Rational Software Architect Design Manager | affected |
|
|||||||||||||||||||||||||||||||||
| IBM | Rational DOORS Next Generation | affected |
|
|||||||||||||||||||||||||||||||||
| IBM | Rational Collaborative Lifecycle Management | affected |
|
|||||||||||||||||||||||||||||||||
| IBM | Rational Rhapsody Design Manager | affected |
|
|||||||||||||||||||||||||||||||||
| IBM | Rational Quality Manager | affected |
|
|||||||||||||||||||||||||||||||||
| IBM | Rational Engineering Lifecycle Manager | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2018-12273 | IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609. |
References
History
Fri, 11 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Subscriptions
Ibm
Subscribe
Rational Collaborative Lifecycle Management
Subscribe
Rational Doors Next Generation
Subscribe
Rational Engineering Lifecycle Manager
Subscribe
Rational Quality Manager
Subscribe
Rational Rhapsody Design Manager
Subscribe
Rational Software Architect Design Manager
Subscribe
Rational Team Concert
Subscribe
MITRE
Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2024-09-17T00:40:43.367Z
Reserved: 2017-12-13T00:00:00.000Z
Link: CVE-2018-1694
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-11-06T16:29:00.737
Modified: 2024-11-21T04:00:12.873
Link: CVE-2018-1694
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses