CVE-2017-1700 — Incorrect Authorization in IBM Rational Collaborative Lifecycle Management

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 49.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Collaborative Lifecycle Management IBM Rational Doors Next Generation IBM Rational Engineering Lifecycle Manager +4 more

Timeline

PublishedApr 24

Latest updateMay 13

Description

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages14 packages

▶NVDibm/rational_rhapsody_design_manager5.0 — 5.0.2+1

▶NVDibm/rational_engineering_lifecycle_manager5.0 — 5.0.2+1

▶NVDibm/rational_software_architect_design_manager5.0 — 5.0.2+1

▶CVEListV5ibm/rational_rhapsody_design_manager9 versions+8

▶CVEListV5ibm/rational_engineering_lifecycle_manager9 versions+8

🔴Vulnerability Details

GHSA

GHSA-67q4-rq8g-wxrq: IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), R↗2022-05-13

▶

CVEList

CVE-2017-1700: IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), R↗2018-04-24

▶