CVE-2016-2981 — Sensitive Information Exposure in Corporation Rational Collaborative Lifecycle Management

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 83.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Rational Collaborative Lifecycle Management IBM Rational Collaborative Lifecycle Management

Timeline

PublishedMar 20

Latest updateMay 17

Description

An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/rational_collaborative_lifecycle_management15 versions+14

▶CVEListV5ibm_corporation/rational_collaborative_lifecycle_management17 versions+16

Patches

Patch: www.ibm.com ↗Patch: exchange.xforce.ibmcloud.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-w2c4-g4vc-8hvv: An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials↗2022-05-17

▶

CVEList

CVE-2016-2981: An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials↗2017-03-20

▶