5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
67.0%
Vulnerabilities have been identified in IBM Rational Team Concert (RTC), IBM Rational Quality Manager (RQM), and IBM Rational Requirements Composer (RRC) versions 4.0 and 4.0.1 and the Rational Collaborative Lifecycle Management Solution (CLM), allowing a remote attacker to bypass access restrictions on the server process.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVEID:CVE-2012-5885
Description: Replay-countermeasure functionality in HTTP Digest Access Authentication has a flaw, which makes it easier for attackers to bypass access restrictions.
CVSS Base Score: 5.0 **CVSS Temporal Score:**See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/80408>_ for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID:CVE-2012-5886
Description: HTTP Digest Access Authentication implementation could potentially allow an attacker to bypass authentication.
CVSS Base Score: 5.0 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/80407> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID:CVE-2012-5887
**Description:**HTTP Digest Access Authentication implementation has a flaw which allows an
attacker to bypass restrictions.
CVSS Base Score: 5.0 **CVSS Temporal Score:**See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/79809>_ for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CLM 4.0.1 and earlier
RTC 4.0.1 and earlier
RQM 4.0.1 and earlier
RRC 4.0.1 and earlier
Apply version 4.0.2 or later to resolve the issue.
Downloads are available from _<https://jazz.net/downloads>_
Isolate systems from untrusted network traffic by means of firewalls.