CVE-2016-2987 — Sensitive Information Exposure in Corporation Rational Collaborative Lifecycle Management

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 60.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Rational Collaborative Lifecycle Management IBM Rational Doors Next Generation IBM Rational Engineering Lifecycle Manager +4 more

Timeline

PublishedFeb 1

Latest updateMay 17

Description

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages7 packages

▶NVDibm/rational_team_concert17 versions+16

▶NVDibm/rational_quality_manager15 versions+14

▶NVDibm/rational_doors_next_generation16 versions+15

▶NVDibm/rational_rhapsody_design_manager16 versions+15

▶NVDibm/rational_engineering_lifecycle_manager12 versions+11

🔴Vulnerability Details

GHSA

GHSA-pqqq-jxh9-pv3r: An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker↗2022-05-17

▶

CVEList

CVE-2016-2987: An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker↗2017-02-01

▶