CVE-2017-1734 — Sensitive Information Exposure in IBM Rational Collaborative Lifecycle Management

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 56.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Collaborative Lifecycle Management IBM Rational Doors Next Generation IBM Rational Engineering Lifecycle Manager +4 more

Timeline

PublishedApr 24

Latest updateMay 14

Description

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages14 packages

▶NVDibm/rational_rhapsody_design_manager5.0 — 5.0.2+1

▶NVDibm/rational_engineering_lifecycle_manager5.0 — 5.0.2+1

▶NVDibm/rational_software_architect_design_manager5.0 — 5.0.2+1

▶CVEListV5ibm/rational_rhapsody_design_manager9 versions+8

▶CVEListV5ibm/rational_engineering_lifecycle_manager9 versions+8

🔴Vulnerability Details

GHSA

GHSA-pvh9-v9q7-pw9x: IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), R↗2022-05-14

▶

CVEList

CVE-2017-1734: IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), R↗2018-04-24

▶