Information Disclosure in IBM Jazz Applications
CVE-2018-1606

4.3MEDIUM

Summary

An information disclosure vulnerability exists in IBM Jazz based applications that allows authenticated users to access sensitive information through error messages. These messages could potentially be leveraged by attackers to execute further attacks against the system. This affects various versions of IBM's Rational Collaborative Lifecycle Management, Rational DOORS Next Generation, Engineering Lifecycle Manager, Quality Manager, Rhapsody Design Manager, Software Architect Design Manager, and Team Concert products.

Affected Version(s)

Rational Collaborative Lifecycle Management 5.0

Rational Collaborative Lifecycle Management 6.0

Rational Collaborative Lifecycle Management 6.0.1

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.