CVE-2017-1559

Published: Jul 6, 2018Modified: Nov 21, 2024

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758.

Affected (15)

Products: Ibm: Rational Collaborative Lifecycle Management, Rational Team Concert, Rational Doors Next Generation, Rational Quality Manager, Rational Rhapsody Design Manager, Rational Software Architect Design Manager, Rational Engineering Lifecycle Manager

Ibm

7 products

Rational Collaborative Lifecycle Management

Rational Team Concert

Rational Doors Next Generation

Rational Quality Manager

Rational Rhapsody Design Manager

Rational Software Architect Design Manager

Rational Engineering Lifecycle Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Collaborative Lifecycle Management	From 6.0.0 to 6.0.5
Ibm Rational Collaborative Lifecycle Management	Version 5.0.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Team Concert	From 6.0.0 to 6.0.5
Ibm Rational Team Concert	Version 5.0.1

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Doors Next Generation	From 6.0.0 to 6.0.5
Ibm Rational Doors Next Generation	Version 5.0.1

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Quality Manager	From 6.0.0 to 6.0.5
Ibm Rational Quality Manager	Version 5.0.1

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Rhapsody Design Manager	From 6.0.0 to 6.0.5
Ibm Rational Rhapsody Design Manager	Version 5.0.1

Configuration F

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Software Architect Design Manager	Version 5.0.1
Ibm Rational Software Architect Design Manager	Version 6.0.0
Ibm Rational Software Architect Design Manager	Version 6.0.1

Configuration G

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Engineering Lifecycle Manager	From 6.0.0 to 6.0.5
Ibm Rational Engineering Lifecycle Manager	Version 5.0.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/131758

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www-prd-trops.events.ibm.com/node/715709

Source: psirt@us.ibm.com

Permissions Required

https://exchange.xforce.ibmcloud.com/vulnerabilities/131758

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www-prd-trops.events.ibm.com/node/715709

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.