CVE-2016-0326 — Command Injection in IBM Rational Collaborative Lifecycle Management

CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.9%

top 24.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Collaborative Lifecycle Management IBM Rational Quality Manager

Timeline

PublishedOct 22

Latest updateMay 17

Description

IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/rational_collaborative_lifecycle_management13 versions+12

▶NVDibm/rational_quality_manager16 versions+15

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-h52j-q63h-cw6p: IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3↗2022-05-17

▶

CVEList

CVE-2016-0326: IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3↗2016-10-22

▶