Information Disclosure Vulnerability in IBM Jazz Team Server Products
CVE-2017-1734

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Rational Engineering Lifecycle Manager; Rational Quality Manager; Rational Rhapsody Design Manager; Rational Collaborative Lifecycle Management
Vendor: CVE Published:; 18 April 2018

Summary

A vulnerability exists in IBM Jazz Team Server that allows authenticated users to access potentially sensitive information stored in a cache. This issue affects multiple IBM Rational products, potentially compromising user data integrity and confidentiality. Organizations using affected versions should take immediate action to secure their systems and prevent unauthorized access to sensitive information.

Affected Version(s)

Rational Collaborative Lifecycle Management 5.0

Rational Collaborative Lifecycle Management 5.0.1

Rational Collaborative Lifecycle Management 5.0.2

References

http://www.ibm.com/support/docview.wss?uid=swg22015635

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/134915

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2018
Vulnerability Reserved
Nov 30, 2016