CVE-2017-1191 — IBM Rational Collaborative Lifecycle Management vulnerability

4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 67.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Collaborative Lifecycle Management IBM Rational Doors Next Generation IBM Rational Engineering Lifecycle Manager +4 more

Timeline

PublishedDec 27

Latest updateMay 13

Description

An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages8 packages

▶NVDibm/rational_collaborative_lifecycle_management4.0.0 — 6.0.4

▶CVEListV5ibm/rational_collaborative_lifecycle_management17 versions+16

▶NVDibm/rational_engineering_lifecycle_manager4.0.3 — 4.0.7+2

▶NVDibm/rational_team_concert4.0.0 — 4.0.7+2

▶NVDibm/rational_quality_manager4.0.0 — 4.0.7+2

🔴Vulnerability Details

GHSA

GHSA-3p62-jm9h-gf52: An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4↗2022-05-13

▶

CVEList

CVE-2017-1191: An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4↗2017-12-27

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - 'win32k!NtGdiMakeFontDir' Kernel Stack Memory Disclosure↗2017-06-22

▶