5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
63.4%
Information disclosure vulnerability in WebSphere Application Server Liberty Profile bundled with IBM Jazz Team Server based Applications affects multiple products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), and Rational Rhapsody Design Manager (Rhapsody DM).
CVEID: CVE-2016-0389**
DESCRIPTION:** IBM Jazz Team Server and the CLM applications (RTC, RQM, RDNG), RELM, and Rhapsody DM are vulnerable to information disclosure in IBM WebSphere Application Server Liberty that could allow a remote attacker to obtain sensitive information caused by improper handling by the Admin Center.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112529 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Rational Collaborative Lifecycle Management 6.0.2
Rational Quality Manager 6.0.2
Rational Team Concert 6.0.2
Rational DOORS Next Generation 6.0.2
Rational Engineering Lifecycle Manager 6.0.2
Rational Rhapsody Design Manager 6.0.2
For V8.5.5.8 Liberty bundled with Jazz Team Server based Applications 6.0.2**,** Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix.
* Apply Interim Fix following the instructions from [_v8558 Liberty Profile Archive Fix Readme_](<ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI62052/8.5.5.8/readme.txt>).
* Use <JazzInstallLocation>/server/liberty/wlp as the location of the Liberty installation, where <JazzInstallLocation> is the root folder of your CLM 6.0.2 installation.
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
63.4%