CVE-2018-1606: Sensitive Information Exposure in IBM Rational Collaborative Lifecycle Management

Severity
4.3 MEDIUM (NVD)
EPSS
0.2%
top 59.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 6
Latest update: May 13

Description

IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 14 packages

Patches

Vulnerability Details (2)

GHSA
GHSA-g9x8-hq5r-f6qm: IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5 | 2022-05-13
CVEList
CVE-2018-1606: IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5 | 2018-11-06

Community (1)

Bugzilla
CVE-2018-11798 thrift: Improper Access Control grants access to files outside the webservers docroot path | 2019-01-17