CVE-2016-0284

Name of the Vulnerable Software and Affected Versions IBM Rational Collaborative Lifecycle Management versions 3.0.1.6 through 3.0.1.6 before iFix8 IBM Rational Collaborative Lifecycle Management versions 4.0 through 4.0.7 before iFix11 IBM Rational Collaborative Lifecycle Management versions 5.0 through 5.0.2 before iFix18 IBM Rational Collaborative Lifecycle Management versions 6.0 through 6.0.2 before iFix5 Rational Quality Manager versions 3.0.1.6 through 3.0.1.6 before iFix8 Rational Quality Manager versions 4.0 through 4.0.7 before iFix11 Rational Quality Manager versions 5.0 through 5.0.2 before iFix18 Rational Quality Manager versions 6.0 through 6.0.2 before iFix5 Rational Team Concert versions 3.0.1.6 through 3.0.1.6 before iFix8 Rational Team Concert versions 4.0 through 4.0.7 before iFix11 Rational Team Concert versions 5.0 through 5.0.2 before iFix18 Rational Team Concert versions 6.0 through 6.0.2 before iFix5 Rational DOORS Next Generation versions 4.0 through 4.0.7 before iFix11 Rational DOORS Next Generation versions 5.0 through 5.0.2 before iFix18 Rational DOORS Next Generation versions 6.0 through 6.0.2 before iFix5 Rational Engineering Lifecycle Manager versions 4.0 through 4.0.7 before iFix11 Rational Engineering Lifecycle Manager versions 5.0 through 5.0.2 before iFix18 Rational Engineering Lifecycle Manager versions 6.0 through 6.0.2 before iFix5 Rational Rhapsody Design Manager versions 4.0 through 4.0.7 before iFix11 Rational Rhapsody Design Manager versions 5.0 through 5.0.2 before iFix18 Rational Rhapsody Design Manager versions 6.0 through 6.0.2 before iFix5 Rational Software Architect Design Manager versions 4.0 through 4.0.7 before iFix11 Rational Software Architect Design Manager versions 5.0 through 5.0.2 before iFix18 Rational Software Architect Design Manager versions 6.0 through 6.0.2 before iFix5

Description The XML parser in the affected software allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations IBM Rational Collaborative Lifecycle Management versions 3.0.1.6 through 3.0.1.6 before iFix8: Apply iFix8 to resolve the issue. IBM Rational Collaborative Lifecycle Management versions 4.0 through 4.0.7 before iFix11: Apply iFix11 to resolve the issue. IBM Rational Collaborative Lifecycle Management versions 5.0 through 5.0.2 before iFix18: Apply iFix18 to resolve the issue. IBM Rational Collaborative Lifecycle Management versions 6.0 through 6.0.2 before iFix5: Apply iFix5 to resolve the issue. Rational Quality Manager versions 3.0.1.6 through 3.0.1.6 before iFix8: Apply iFix8 to resolve the issue. Rational Quality Manager versions 4.0 through 4.0.7 before iFix11: Apply iFix11 to resolve the issue. Rational Quality Manager versions 5.0 through 5.0.2 before iFix18: Apply iFix18 to resolve the issue. Rational Quality Manager versions 6.0 through 6.0.2 before iFix5: Apply iFix5 to resolve the issue. Rational Team Concert versions 3.0.1.6 through 3.0.1.6 before iFix8: Apply iFix8 to resolve the issue. Rational Team Concert versions 4.0 through 4.0.7 before iFix11: Apply iFix11 to resolve the issue. Rational Team Concert versions 5.0 through 5.0.2 before iFix18: Apply iFix18 to resolve the issue. Rational Team Concert versions 6.0 through 6.0.2 before iFix5: Apply iFix5 to resolve the issue. Rational DOORS Next Generation versions 4.0 through 4.0.7 before iFix11: Apply iFix11 to resolve the issue. Rational DOORS Next Generation versions 5.0 through 5.0.2 before iFix18: Apply iFix18 to resolve the issue. Rational DOORS Next Generation versions 6.0 through 6.0.2 before iFix5: Apply iFix5 to resolve the issue. Rational Engineering Lifecycle Manager versions 4.0 through 4.0.7 before iFix11: Apply iFix11 to resolve the issue. Rational Engineering Lifecycle Manager versions 5.0 through 5.0.2 before iFix18: Apply iFix18 to resolve the issue. Rational Engineering Lifecycle Manager versions 6.0 through 6.0.2 before iFix5: Apply iFix5 to resolve the issue. Rational Rhapsody Design Manager versions 4.0 through 4.0.7 before iFix11: Apply iFix11 to resolve the issue. Rational Rhapsody Design Manager versions 5.0 through 5.0.2 before iFix18: Apply iFix18 to resolve the issue. Rational Rhapsody Design Manager versions 6.0 through 6.0.2 before iFix5: Apply iFix5 to resolve the issue. Rational Software Architect Design Manager versions 4.0 through 4.0.7 before iFix11: Apply iFix11 to resolve the issue. Rational Software Architect Design Manager versions 5.0 through 5.0.2 before iFix18: Apply iFix18 to resolve the issue. Rational Software Architect Design Manager versions 6.0 through 6.0.2 before iFix5: Apply iFix5 to resolve the issue.