Information Disclosure in IBM Jazz Applications
CVE-2018-1606
4.3MEDIUM
Key Information:
- Vendor
- IBM
- Status
- Vendor
- CVE Published:
- 6 November 2018
Summary
An information disclosure vulnerability exists in IBM Jazz based applications that allows authenticated users to access sensitive information through error messages. These messages could potentially be leveraged by attackers to execute further attacks against the system. This affects various versions of IBM's Rational Collaborative Lifecycle Management, Rational DOORS Next Generation, Engineering Lifecycle Manager, Quality Manager, Rhapsody Design Manager, Software Architect Design Manager, and Team Concert products.
Affected Version(s)
Rational Collaborative Lifecycle Management 5.0
Rational Collaborative Lifecycle Management 6.0
Rational Collaborative Lifecycle Management 6.0.1
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved