CVE-2019-4252 — Path Traversal in IBM Rational Collaborative Lifecycle Management

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 30.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Collaborative Lifecycle Management IBM Rational Doors Next Generation IBM Rational Engineering Lifecycle Manager +4 more

Timeline

PublishedJun 27

Latest updateMay 24

Description

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

▶NVDibm/rational_collaborative_lifecycle_management6.0 — 6.0.6.1

▶CVEListV5ibm/rational_collaborative_lifecycle_management8 versions+7

▶NVDibm/rational_engineering_lifecycle_manager6.0 — 6.0.6.1

▶NVDibm/rational_team_concert6.0 — 6.0.6.1

▶NVDibm/rational_quality_manager6.0 — 6.0.6.1

🔴Vulnerability Details

GHSA

GHSA-mcq8-9jpg-3vg7: IBM Rational Collaborative Lifecycle Management 6↗2022-05-24

▶

CVEList

CVE-2019-4252: IBM Rational Collaborative Lifecycle Management 6↗2019-06-27

▶