Lucene search

[email protected]CVE-2015-0112

HistoryJun 07, 2015 - 6:59 p.m.

CVE-2015-0112

2015-06-0718:59:03

[email protected]

web.nvd.nist.gov

cve-2015-0112

jazz team server

ibm rational

clm

xxe issue

security vulnerability

information security

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.6%

JSON

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

NVD

Node

ibmrational_requirements_composerMatch2.0

ibmrational_requirements_composerMatch2.0.0.1

ibmrational_requirements_composerMatch2.0.0.2

ibmrational_requirements_composerMatch2.0.0.3

ibmrational_requirements_composerMatch2.0.0.4

ibmrational_requirements_composerMatch3.0

ibmrational_requirements_composerMatch3.0.1

ibmrational_requirements_composerMatch3.0.1.1

ibmrational_requirements_composerMatch3.0.1.2

ibmrational_requirements_composerMatch3.0.1.3

ibmrational_requirements_composerMatch3.0.1.4

ibmrational_requirements_composerMatch3.0.1.5

ibmrational_requirements_composerMatch3.0.1.6

ibmrational_requirements_composerMatch3.5

ibmrational_requirements_composerMatch4.0

ibmrational_requirements_composerMatch4.0.0

ibmrational_requirements_composerMatch4.0.0.1

ibmrational_requirements_composerMatch4.0.0.2

ibmrational_requirements_composerMatch4.0.1

ibmrational_requirements_composerMatch4.0.2

ibmrational_requirements_composerMatch4.0.3

ibmrational_requirements_composerMatch4.0.4

ibmrational_requirements_composerMatch4.0.5

ibmrational_requirements_composerMatch4.0.6

ibmrational_requirements_composerMatch4.0.7

Node

ibmrhapsody_design_managerMatch3.0.0

ibmrhapsody_design_managerMatch3.0.0.1

ibmrhapsody_design_managerMatch3.0.1

ibmrhapsody_design_managerMatch4.0.0

ibmrhapsody_design_managerMatch4.0.1

ibmrhapsody_design_managerMatch4.0.2

ibmrhapsody_design_managerMatch4.0.3

ibmrhapsody_design_managerMatch4.0.4

ibmrhapsody_design_managerMatch4.0.5

ibmrhapsody_design_managerMatch4.0.6

ibmrhapsody_design_managerMatch4.0.7

ibmrhapsody_design_managerMatch5.0

ibmrhapsody_design_managerMatch5.0.2

Node

ibmrational_requirements_composerMatch2.0

ibmrational_requirements_composerMatch2.0.0.1

ibmrational_requirements_composerMatch2.0.0.2

ibmrational_requirements_composerMatch2.0.0.3

ibmrational_requirements_composerMatch2.0.0.4

ibmrational_requirements_composerMatch3.0

ibmrational_requirements_composerMatch3.0.1

ibmrational_requirements_composerMatch3.0.1.1

ibmrational_requirements_composerMatch3.0.1.2

ibmrational_requirements_composerMatch3.0.1.3

ibmrational_requirements_composerMatch3.0.1.4

ibmrational_requirements_composerMatch3.0.1.5

ibmrational_requirements_composerMatch3.0.1.6

ibmrational_requirements_composerMatch3.5

ibmrational_requirements_composerMatch4.0

ibmrational_requirements_composerMatch4.0.0

ibmrational_requirements_composerMatch4.0.0.1

ibmrational_requirements_composerMatch4.0.0.2

ibmrational_requirements_composerMatch4.0.1

ibmrational_requirements_composerMatch4.0.2

ibmrational_requirements_composerMatch4.0.3

ibmrational_requirements_composerMatch4.0.4

ibmrational_requirements_composerMatch4.0.5

ibmrational_requirements_composerMatch4.0.6

ibmrational_requirements_composerMatch4.0.7

Node

ibmrational_team_concertMatch2.0

ibmrational_team_concertMatch2.0.0.1

ibmrational_team_concertMatch2.0.0.2

ibmrational_team_concertMatch3.0

ibmrational_team_concertMatch3.0.1

ibmrational_team_concertMatch3.0.1.1

ibmrational_team_concertMatch3.0.1.2

ibmrational_team_concertMatch3.0.1.3

ibmrational_team_concertMatch3.0.1.4

ibmrational_team_concertMatch3.0.1.5

ibmrational_team_concertMatch3.0.1.6

ibmrational_team_concertMatch4.0

ibmrational_team_concertMatch4.0.0.1

ibmrational_team_concertMatch4.0.0.2

ibmrational_team_concertMatch4.0.1

ibmrational_team_concertMatch4.0.2

ibmrational_team_concertMatch4.0.3

ibmrational_team_concertMatch4.0.4

ibmrational_team_concertMatch4.0.5

ibmrational_team_concertMatch4.0.6

ibmrational_team_concertMatch4.0.7

ibmrational_team_concertMatch5.0.0

ibmrational_team_concertMatch5.0.1

ibmrational_team_concertMatch5.0.2

Node

ibmrational_quality_managerMatch2.0

ibmrational_quality_managerMatch2.0.0.1

ibmrational_quality_managerMatch2.0.0.2

ibmrational_quality_managerMatch2.0.1

ibmrational_quality_managerMatch3.0

ibmrational_quality_managerMatch3.0.1

ibmrational_quality_managerMatch3.0.1.1

ibmrational_quality_managerMatch3.0.1.2

ibmrational_quality_managerMatch3.0.1.3

ibmrational_quality_managerMatch3.0.1.4

ibmrational_quality_managerMatch3.0.1.5

ibmrational_quality_managerMatch3.0.1.6

ibmrational_quality_managerMatch4.0

ibmrational_quality_managerMatch4.0.0.1

ibmrational_quality_managerMatch4.0.0.2

ibmrational_quality_managerMatch4.0.1

ibmrational_quality_managerMatch4.0.2

ibmrational_quality_managerMatch4.0.3

ibmrational_quality_managerMatch4.0.4

ibmrational_quality_managerMatch4.0.5

ibmrational_quality_managerMatch4.0.7

ibmrational_quality_managerMatch5.0.0

ibmrational_quality_managerMatch5.0.2

Node

ibmrational_software_architect_design_managerMatch3.0.0

ibmrational_software_architect_design_managerMatch3.0.0.1

ibmrational_software_architect_design_managerMatch3.0.1

ibmrational_software_architect_design_managerMatch4.0.0

ibmrational_software_architect_design_managerMatch4.0.1

ibmrational_software_architect_design_managerMatch4.0.2

ibmrational_software_architect_design_managerMatch4.0.3

ibmrational_software_architect_design_managerMatch4.0.4

ibmrational_software_architect_design_managerMatch4.0.5

ibmrational_software_architect_design_managerMatch4.0.6

ibmrational_software_architect_design_managerMatch4.0.7

ibmrational_software_architect_design_managerMatch5.0.1

ibmrational_software_architect_design_managerMatch5.0.2

Node

ibmrational_collaborative_lifecycle_managementMatch3.0.1

ibmrational_collaborative_lifecycle_managementMatch3.0.1.1

ibmrational_collaborative_lifecycle_managementMatch3.0.1.2

ibmrational_collaborative_lifecycle_managementMatch3.0.1.3

ibmrational_collaborative_lifecycle_managementMatch3.0.1.4

ibmrational_collaborative_lifecycle_managementMatch3.0.1.5

ibmrational_collaborative_lifecycle_managementMatch3.0.1.6

ibmrational_collaborative_lifecycle_managementMatch4.0.0

ibmrational_collaborative_lifecycle_managementMatch4.0.1

ibmrational_collaborative_lifecycle_managementMatch4.0.2

ibmrational_collaborative_lifecycle_managementMatch4.0.3

ibmrational_collaborative_lifecycle_managementMatch4.0.4

ibmrational_collaborative_lifecycle_managementMatch4.0.5

ibmrational_collaborative_lifecycle_managementMatch4.0.6

ibmrational_collaborative_lifecycle_managementMatch4.0.7

ibmrational_collaborative_lifecycle_managementMatch5.0.0

ibmrational_collaborative_lifecycle_managementMatch5.0.1

ibmrational_collaborative_lifecycle_managementMatch5.0.2

Node

ibmrational_doors_next_generationMatch4.0.0

ibmrational_doors_next_generationMatch4.0.1

ibmrational_doors_next_generationMatch4.0.2

ibmrational_doors_next_generationMatch4.0.3

ibmrational_doors_next_generationMatch4.0.4

ibmrational_doors_next_generationMatch4.0.5

ibmrational_doors_next_generationMatch4.0.6

ibmrational_doors_next_generationMatch4.0.7

ibmrational_doors_next_generationMatch5.0.1

ibmrational_doors_next_generationMatch5.0.2

Node

ibmrational_engineering_lifecycle_managerMatch1.0

ibmrational_engineering_lifecycle_managerMatch1.0.0.1

ibmrational_engineering_lifecycle_managerMatch4.0.3

ibmrational_engineering_lifecycle_managerMatch4.0.4

ibmrational_engineering_lifecycle_managerMatch4.0.5

ibmrational_engineering_lifecycle_managerMatch4.0.6

ibmrational_engineering_lifecycle_managerMatch4.0.7

ibmrational_engineering_lifecycle_managerMatch5.0.1

ibmrational_engineering_lifecycle_managerMatch5.0.2

CPENameOperatorVersion
ibm:rational_requirements_composeribm rational requirements composereq2.0
ibm:rational_requirements_composeribm rational requirements composereq2.0.0.1
ibm:rational_requirements_composeribm rational requirements composereq2.0.0.2
ibm:rational_requirements_composeribm rational requirements composereq2.0.0.3
ibm:rational_requirements_composeribm rational requirements composereq2.0.0.4
ibm:rational_requirements_composeribm rational requirements composereq3.0
ibm:rational_requirements_composeribm rational requirements composereq3.0.1
ibm:rational_requirements_composeribm rational requirements composereq3.0.1.1
ibm:rational_requirements_composeribm rational requirements composereq3.0.1.2
ibm:rational_requirements_composeribm rational requirements composereq3.0.1.3

CPE	Name	Operator	Version
ibm:rational_requirements_composer	ibm rational requirements composer	eq	2.0
ibm:rational_requirements_composer	ibm rational requirements composer	eq	2.0.0.1
ibm:rational_requirements_composer	ibm rational requirements composer	eq	2.0.0.2
ibm:rational_requirements_composer	ibm rational requirements composer	eq	2.0.0.3
ibm:rational_requirements_composer	ibm rational requirements composer	eq	2.0.0.4
ibm:rational_requirements_composer	ibm rational requirements composer	eq	3.0
ibm:rational_requirements_composer	ibm rational requirements composer	eq	3.0.1
ibm:rational_requirements_composer	ibm rational requirements composer	eq	3.0.1.1
ibm:rational_requirements_composer	ibm rational requirements composer	eq	3.0.1.2
ibm:rational_requirements_composer	ibm rational requirements composer	eq	3.0.1.3