IBM4D676AC0D50F1109C824E49DA63B1DB88515209EDBD0E755902552A65E686137Security Bulletin: Rational Insight - Jazz Reporting Service report results can be viewed without user log-in (CVE-2014-6115)
0.002 Low
EPSS
Percentile
54.9%
Summary
A security vulnerability exists in the Jazz Reporting Service (JRS) that is shipped with Rational Insight.
Vulnerability Details
Security vulnerabilities have been discovered and reported in Jazz Reporting Service.
CVEID: CVE-2014-6115
Description: A Jazz Reporting Service (JRS) report URL can be constructed that would bypass the control of the authentication mechanism resulting in information being revealed without the user being prompted for log-in credentials.
CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/96212> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected Products and Versions
Rational Insight 1.1.1.5
Remediation/Fixes
Apply the recommended fixes to all affected versions of Rational Insight.
- Download the Rational Insight 1.1.1.6 release.
Review the topics related to JRS in Upgrading Rational Insight for the detailed instructions for upgrading respective components from Rational Insight 1.1.1.5 to 1.1.1.6.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| rational insight | eq | 1.1.1.5 |
Related
0.002 Low
EPSS
Percentile
54.9%