Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2016-0372
HistoryNov 24, 2016 - 7:59 p.m.

CVE-2016-0372

2016-11-2419:59:09
CWE-254
CWE-200
[email protected]
web.nvd.nist.gov
23
ibm
rational
clm
rqm
rtc
rdng
elm
rhapsody
rsa
security
session cookie
cve-2016-0372

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.9%

JSON

IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Affected configurations

NVD
Node
ibmrational_team_concertMatch3.0.1.6
OR
ibmrational_team_concertMatch4.0.0
OR
ibmrational_team_concertMatch4.0.1
OR
ibmrational_team_concertMatch4.0.2
OR
ibmrational_team_concertMatch4.0.3
OR
ibmrational_team_concertMatch4.0.4
OR
ibmrational_team_concertMatch4.0.5
OR
ibmrational_team_concertMatch4.0.6
OR
ibmrational_team_concertMatch4.0.7
OR
ibmrational_team_concertMatch5.0.0
OR
ibmrational_team_concertMatch5.0.1
OR
ibmrational_team_concertMatch5.0.2
OR
ibmrational_team_concertMatch6.0.0
OR
ibmrational_team_concertMatch6.0.1
OR
ibmrational_team_concertMatch6.0.2
Node
ibmrational_quality_managerMatch3.0.1.6
OR
ibmrational_quality_managerMatch4.0.0
OR
ibmrational_quality_managerMatch4.0.1
OR
ibmrational_quality_managerMatch4.0.2
OR
ibmrational_quality_managerMatch4.0.3
OR
ibmrational_quality_managerMatch4.0.4
OR
ibmrational_quality_managerMatch4.0.5
OR
ibmrational_quality_managerMatch4.0.6
OR
ibmrational_quality_managerMatch4.0.7
OR
ibmrational_quality_managerMatch5.0.0
OR
ibmrational_quality_managerMatch5.0.1
OR
ibmrational_quality_managerMatch5.0.2
OR
ibmrational_quality_managerMatch6.0.0
OR
ibmrational_quality_managerMatch6.0.1
OR
ibmrational_quality_managerMatch6.0.2
Node
ibmrational_software_architect_design_managerMatch4.0.0
OR
ibmrational_software_architect_design_managerMatch4.0.1
OR
ibmrational_software_architect_design_managerMatch4.0.2
OR
ibmrational_software_architect_design_managerMatch4.0.3
OR
ibmrational_software_architect_design_managerMatch4.0.4
OR
ibmrational_software_architect_design_managerMatch4.0.5
OR
ibmrational_software_architect_design_managerMatch4.0.6
OR
ibmrational_software_architect_design_managerMatch4.0.7
OR
ibmrational_software_architect_design_managerMatch5.0.0
OR
ibmrational_software_architect_design_managerMatch5.0.1
OR
ibmrational_software_architect_design_managerMatch5.0.2
OR
ibmrational_software_architect_design_managerMatch6.0.0
OR
ibmrational_software_architect_design_managerMatch6.0.1
OR
ibmrational_software_architect_design_managerMatch6.0.2
Node
ibmrational_collaborative_lifecycle_managementMatch3.0.1.6
OR
ibmrational_collaborative_lifecycle_managementMatch4.0.0
OR
ibmrational_collaborative_lifecycle_managementMatch4.0.1
OR
ibmrational_collaborative_lifecycle_managementMatch4.0.2
OR
ibmrational_collaborative_lifecycle_managementMatch4.0.3
OR
ibmrational_collaborative_lifecycle_managementMatch4.0.4
OR
ibmrational_collaborative_lifecycle_managementMatch4.0.5
OR
ibmrational_collaborative_lifecycle_managementMatch4.0.6
OR
ibmrational_collaborative_lifecycle_managementMatch4.0.7
OR
ibmrational_collaborative_lifecycle_managementMatch5.0.0
OR
ibmrational_collaborative_lifecycle_managementMatch5.0.1
OR
ibmrational_collaborative_lifecycle_managementMatch5.0.2
OR
ibmrational_collaborative_lifecycle_managementMatch6.0.0
OR
ibmrational_collaborative_lifecycle_managementMatch6.0.1
OR
ibmrational_collaborative_lifecycle_managementMatch6.0.2
Node
ibmrational_engineering_lifecycle_managerMatch4.0.0
OR
ibmrational_engineering_lifecycle_managerMatch4.0.1
OR
ibmrational_engineering_lifecycle_managerMatch4.0.2
OR
ibmrational_engineering_lifecycle_managerMatch4.0.3
OR
ibmrational_engineering_lifecycle_managerMatch4.0.4
OR
ibmrational_engineering_lifecycle_managerMatch4.0.5
OR
ibmrational_engineering_lifecycle_managerMatch4.0.6
OR
ibmrational_engineering_lifecycle_managerMatch4.0.7
OR
ibmrational_engineering_lifecycle_managerMatch5.0.0
OR
ibmrational_engineering_lifecycle_managerMatch5.0.1
OR
ibmrational_engineering_lifecycle_managerMatch5.0.2
OR
ibmrational_engineering_lifecycle_managerMatch6.0.0
OR
ibmrational_engineering_lifecycle_managerMatch6.0.1
OR
ibmrational_engineering_lifecycle_managerMatch6.0.2
Node
ibmrational_rhapsody_design_managerMatch4.0
OR
ibmrational_rhapsody_design_managerMatch4.0.1
OR
ibmrational_rhapsody_design_managerMatch4.0.2
OR
ibmrational_rhapsody_design_managerMatch4.0.3
OR
ibmrational_rhapsody_design_managerMatch4.0.4
OR
ibmrational_rhapsody_design_managerMatch4.0.5
OR
ibmrational_rhapsody_design_managerMatch4.0.6
OR
ibmrational_rhapsody_design_managerMatch4.0.7
OR
ibmrational_rhapsody_design_managerMatch5.0.0
OR
ibmrational_rhapsody_design_managerMatch5.0.1
OR
ibmrational_rhapsody_design_managerMatch5.0.2
OR
ibmrational_rhapsody_design_managerMatch6.0.0
OR
ibmrational_rhapsody_design_managerMatch6.0.1
OR
ibmrational_rhapsody_design_managerMatch6.0.2
Node
ibmrational_doors_next_generationMatch4.0.0
OR
ibmrational_doors_next_generationMatch4.0.1
OR
ibmrational_doors_next_generationMatch4.0.2
OR
ibmrational_doors_next_generationMatch4.0.3
OR
ibmrational_doors_next_generationMatch4.0.4
OR
ibmrational_doors_next_generationMatch4.0.5
OR
ibmrational_doors_next_generationMatch4.0.6
OR
ibmrational_doors_next_generationMatch4.0.7
OR
ibmrational_doors_next_generationMatch5.0.0
OR
ibmrational_doors_next_generationMatch5.0.1
OR
ibmrational_doors_next_generationMatch5.0.2
OR
ibmrational_doors_next_generationMatch6.0.0
OR
ibmrational_doors_next_generationMatch6.0.1
OR
ibmrational_doors_next_generationMatch6.0.2

Related

prion 1
nvd 1
cvelist 1
ibm 1
prion
prion
Design/Logic Flaw
2016-11-24 19:59:00
nvd
nvd
CVE-2016-0372
2016-11-24 19:59:09
cvelist
cvelist
CVE-2016-0372
2016-11-24 19:41:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology
2021-04-28 18:35:50

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.9%

JSON
Related for CVE-2016-0372
prion1nvd1cvelist1ibm1