CVE-2018-1423 — Sensitive Information Exposure in IBM Rational Collaborative Lifecycle Management

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

CNA4.3

EPSS

0.2%

top 60.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Collaborative Lifecycle Management IBM Rational Doors Next Generation IBM Rational Engineering Lifecycle Manager +4 more

Timeline

PublishedJul 10

Latest updateMay 13

Description

IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages14 packages

▶NVDibm/rational_team_concert5.0 — 5.0.2+1

▶NVDibm/rational_quality_manager5.0 — 5.0.2+1

▶NVDibm/rational_doors_next_generation5.0 — 5.0.2+1

▶NVDibm/rational_rhapsody_design_manager5.0 — 5.0.2+1

▶NVDibm/rational_engineering_lifecycle_manager5.0 — 5.0.2+1

🔴Vulnerability Details

GHSA

GHSA-p3fq-j9q2-xx6p: IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the syste↗2022-05-13

▶

CVEList

CVE-2018-1423: IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the syste↗2018-07-10

▶