Information Disclosure in IBM Jazz Applications
CVE-2018-1606

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Rational Team Concert; Rational Software Architect Design Manager; Rational Doors Next Generation; Rational Collaborative Lifecycle Management
Vendor: CVE Published:; 6 November 2018

Summary

An information disclosure vulnerability exists in IBM Jazz based applications that allows authenticated users to access sensitive information through error messages. These messages could potentially be leveraged by attackers to execute further attacks against the system. This affects various versions of IBM's Rational Collaborative Lifecycle Management, Rational DOORS Next Generation, Engineering Lifecycle Manager, Quality Manager, Rhapsody Design Manager, Software Architect Design Manager, and Team Concert products.

Affected Version(s)

Rational Collaborative Lifecycle Management 5.0

Rational Collaborative Lifecycle Management 6.0

Rational Collaborative Lifecycle Management 6.0.1

References

http://www.ibm.com/support/docview.wss?uid=ibm10738301

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/143796

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 6, 2018
Vulnerability Reserved
Dec 13, 2017