CVE-2017-1602: Files or Directories Accessible to External Parties in IBM Rational Collaborative Lifecycle Management

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.2% (top 62.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 23 | Latest update May 13

Description

IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 8 packages

Patches

Vulnerability Details (2)

GHSA: GHSA-mjm8-h7pj-pxm5: IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5 | 2022-05-13
CVEList: CVE-2017-1602: IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5 | 2018-03-23