Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affects IBM Rational DOORS Next Generation

Summary

IBM Rational DOORS Next Generation® is affected by a vulnerability in the Oracle Outside In Technology® that is used as a component.

Vulnerability Details

CVE-ID: CVE-2015-4808 Description: An unspecified vulnerability in the Oracle Outside In Technology Outside In Filters component could allow a local or remote attacker to cause a denial of service or possibly execute arbitrary code on the system. CVSS Base Score: 6.8 CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/109802&gt; for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-ID: CVE-2015-6013 Description: Oracle Outside In Technology Outside In Filters component is vulnerable to a stack-based buffer overflow when handling WK4 files. A local or remote attacker could exploit this vulnerability using a specially crafted file to cause a denial of service and possibly execute arbitrary code on the system. CVSS Base Score: 6.8 CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/109803&gt; for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-ID: CVE-2015-6014 Description: Oracle Outside In Technology Outside In Filters component is vulnerable to a stack-based buffer overflow when handling doc files. A local or remote attacker could exploit this vulnerability using a specially crafted file to cause a denial of service and possibly execute arbitrary code on the system. CVSS Base Score: 6.8 CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/109804&gt; for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-ID: CVE-2015-6015 Description: Oracle Outside In Technology Outside In Filters component is vulnerable to a stack-based buffer overflow when handling Paradox DB files. A local or remote attacker could exploit this vulnerability using a specially crafted file to cause a denial of service and possibly execute arbitrary code on the system. CVSS Base Score: 6.8 CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/110005&gt; for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-ID: CVE-2016-0432 Description: An unspecified vulnerability in the Oracle Outside In Technology Outside In Filters component could allow a local or remote attacker to attacker to cause a denial of service and possibly execute arbitrary code on the system. CVSS Base Score: 6.8 CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/109805&gt; for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions

Rational DOORS Next Generation 6.0.1
Rational DOORS Next Generation 6.0
Rational DOORS Next Generation 5.0.2
Releases prior to 5.0.2 are not affected.

Remediation/Fixes

For the 6.0 and 6.0.1 releases, upgrade to version 6.0.1 iFix003 or later

• Rational DOORS Next Generation 6.0.1 iFix003

For the 5.0.2 release, upgrade to version 5.0.2 iFix014 or later

• Rational DOORS Next Generation 5.0.2 iFix014