CVE-2019-4252
published 2019-06-27CVE-2019-4252: IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | rational_collaborative_lifecycle_management | — | — |
| ibm | rational_collaborative_lifecycle_management | — | — |
| ibm | rational_collaborative_lifecycle_management | — | — |
| ibm | rational_collaborative_lifecycle_management | — | — |
| ibm | rational_collaborative_lifecycle_management | — | — |
| ibm | rational_collaborative_lifecycle_management | — | — |
| ibm | rational_collaborative_lifecycle_management | — | — |
| ibm | rational_collaborative_lifecycle_management | — | — |
| ibm | rational_collaborative_lifecycle_management | 6.0 – 6.0.6.1 | — |
| ibm | rational_doors_next_generation | 6.0 – 6.0.6.1 | — |
| ibm | rational_engineering_lifecycle_manager | 6.0 – 6.0.6.1 | — |
| ibm | rational_quality_manager | 6.0 – 6.0.6.1 | — |
| ibm | rational_rhapsody_design_manager | 6.0 – 6.0.6.1 | — |
| ibm | rational_software_architect_design_manager | 6.0 – 6.0.1 | — |
| ibm | rational_team_concert | 6.0 – 6.0.6.1 | — |