IBM Rational Quality Manager and Test Lab Manager Policy Bypass

ID SAINT:627454943189EB0A2BD02D71CE81E15E
Type saint
Reporter SAINT Corporation
Modified 2010-11-05T00:00:00


Added: 11/05/2010
CVE: CVE-2010-4094
BID: 44172


IBM Rational Quality Manager is a web-based centralized test management environment for test planning, workflow control, tracking and metrics reporting. IBM Rational Quality Manager incorporates Apache Tomcat 5 to help serve custom web applications.

IBM Rational Test Lab Manager integrates fully with Rational Quality Manager and helps to improve the efficiency of the test lab and optimize how resources are requested and provided.


An unauthorized file upload vulnerability exists in IBM Rational Quality Manager. IBM Rational Quality Manager generates credentials for a default user/password combination in Apache Tomcat. A remote attacker can leverage this vulnerability by sending a crafted HTTP request using the default credentials. Once authenticated, the attacker can upload a malicious web application to a vulnerable system.


Download the fix for IBM Rational Quality Manager 2.0.1 from IBM.




Exploit works on IBM Rational Quality Manager 2.0.1 on Microsoft Windows Server 2003 and Windows Server 2008.

It may take longer than usual to establish the connection after successful exploitation because it takes time for the affected server to deploy the malicious WAR file.