PT-2015-4477 · IBM · IBM Rational Team Concert and 7 more
Published: 2015-04-27 · Updated: 2015-04-27 · CVE-2015-0113
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Rational Collaborative Lifecycle Management versions 4.0 through 5.0.2
IBM Rational Quality Manager versions 4.0 through 4.0.7 and 5.0 through 5.0.2
IBM Rational Team Concert versions 4.0 through 4.0.7 and 5.0 through 5.0.2
IBM Rational Requirements Composer versions 4.0 through 4.0.7
IBM Rational DOORS Next Generation versions 4.0 through 4.0.7 and 5.0 through 5.0.2
IBM Rational Engineering Lifecycle Manager versions 4.0.3 through 4.0.7 and 5.0 through 5.0.2
IBM Rational Rhapsody Design Manager versions 4.0 through 4.0.7 and 5.0 through 5.0.2
IBM Rational Software Architect Design Manager versions 4.0 through 4.0.7 and 5.0 through 5.0.2
Description
The Jazz help system in the affected IBM products allows remote attackers to read JSP source code via a crafted request.
Recommendations
For IBM Rational Collaborative Lifecycle Management versions 4.0 through 5.0.2, update to a version outside of this range.
For IBM Rational Quality Manager versions 4.0 through 4.0.7 and 5.0 through 5.0.2, update to a version outside of this range.
For IBM Rational Team Concert versions 4.0 through 4.0.7 and 5.0 through 5.0.2, update to a version outside of this range.
For IBM Rational Requirements Composer versions 4.0 through 4.0.7, update to a version outside of this range.
For IBM Rational DOORS Next Generation versions 4.0 through 4.0.7 and 5.0 through 5.0.2, update to a version outside of this range.
For IBM Rational Engineering Lifecycle Manager versions 4.0.3 through 4.0.7 and 5.0 through 5.0.2, update to a version outside of this range.
For IBM Rational Rhapsody Design Manager versions 4.0 through 4.0.7 and 5.0 through 5.0.2, update to a version outside of this range.
For IBM Rational Software Architect Design Manager versions 4.0 through 4.0.7 and 5.0 through 5.0.2, update to a version outside of this range.
Fix
Information Disclosure
Affected Products
IBM Rational Collaborative Lifecycle Management
IBM Rational DOORS Next Generation
IBM Rational Engineering Lifecycle Manager
IBM Rational Quality Manager
IBM Rational Requirements Composer
Rational Rhapsody Design Manager
IBM Rational Software Architect Design Manager
IBM Rational Team Concert