CVE-2016-0284XML External Entity (XXE) Injection in IBM Rational Collaborative Lifecycle Management

CWE-611XML External Entity (XXE) InjectionCWE-79Cross-site Scripting6 documents5 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 43.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
IBM Rational Collaborative Lifecycle ManagementIBM Rational Doors Next GenerationIBM Rational Engineering Lifecycle Manager+4 more
Timeline
PublishedNov 24
Latest updateMay 17

Description

The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages7 packages

NVDibm/rational_quality_manager15 versions+14

🔴Vulnerability Details

2
GHSA
GHSA-67v4-r89v-8632: The XML parser in IBM Rational Collaborative Lifecycle Management 32022-05-17
CVEList
CVE-2016-0284: The XML parser in IBM Rational Collaborative Lifecycle Management 32016-11-24

📋Vendor Advisories

1
Red Hat
Sat5: XSS in uset details2016-02-07

💬Community

2
Bugzilla
CVE-2016-2144 Sat5: XSS in uset details2016-03-07
Bugzilla
CVE-2015-0284 Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)2015-01-13
CVE-2016-0284 — XML External Entity (XXE) Injection | cvebase