CVE-2017-1524Sensitive Information Exposure in IBM Rational Collaborative Lifecycle Management

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 50.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
IBM Rational Collaborative Lifecycle ManagementIBM Rational Doors Next GenerationIBM Rational Engineering Lifecycle Manager+4 more
Timeline
PublishedMar 23
Latest updateMay 13

Description

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages8 packages

NVDibm/rational_team_concert4.0.04.0.7+4
NVDibm/rational_quality_manager4.0.04.0.7+4

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-24jw-rphj-mqwg: IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 52022-05-13
CVEList
CVE-2017-1524: IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 52018-03-23

💥Exploits & PoCs

1
Exploit-DB
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow2020-01-08
CVE-2017-1524 — Sensitive Information Exposure in IBM | cvebase