Security Bulletin: Undisclosed Vulnerability in Rational DOORS Next Generation could allow a JazzGuest user to see project area names without permissions to see them (CVE-2016-6060)

Summary

Security Bulletin: Undisclosed Vulnerability in Rational DOORS Next Generation could allow a JazzGuest user to see project area names without permissions to see them.

Vulnerability Details

CVEID: CVE-2016-6060**
DESCRIPTION:** An undisclosed vulnerability in IBM Rational DOORS Next Generation could allow a JazzGuest user to see project names.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117233 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Rational DOORS Next Generation 6.0-6.0.2
Rational DOORS Next Generation 5.0-5.0.2
Rational Requirements Components 4.0.1-4.0.7

Rational DOORS Next Generation 6.0.3 is not vulnerable.

Remediation/Fixes

For Rational DOORS Next Generation 6.0-6.0.2, a fix is available by upgrading to 6.0.2 iFix005 or later
Rational DOORS Next Generation 6.0.2 iFix005

For Rational DOORS Next Generation 5.0-5.0.2, a fix is available by upgrading to 5.0.2 iFix019 or later
Rational DOORS Next Generation 5.0.2 iFix019

For Rational Requirements Composer 4.0.7, a fix is available by upgrading to 4.0.7 iFix012 or later
Rational DOORS Next Generation 4.0.7 iFix012