PT-2016-3642 · IBM · IBM Rational Team Concert+7

Published: 2016-01-03 · Updated: 2016-01-08 · CVE-2015-4962

CVSS v2.0: 2.7 (Low)

Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) versions 3.x through 4.0.7 IF8, 5.x through 5.0.2 IF8, and 6.x before 6.0.1
Rational Quality Manager (RQM) versions 3.x through 3.0.1.6 IF6, 4.x through 4.0.7 IF8, 5.x through 5.0.2 IF8, and 6.x before 6.0.1
Rational Team Concert (RTC) versions 3.x through 3.0.1.6 IF6, 4.x through 4.0.7 IF8, 5.x through 5.0.2 IF8, and 6.x before 6.0.1
Rational Requirements Composer (RRC) versions 3.x through 3.0.1.6 IF6 and 4.x through 4.0.7 IF8
Rational DOORS Next Generation (RDNG) versions 4.x through 4.0.7 IF8, 5.x through 5.0.2 IF8, and 6.x before 6.0.1
Rational Engineering Lifecycle Manager (RELM) versions 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1
Rational Rhapsody Design Manager (DM) versions 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1
Rational Software Architect Design Manager (DM) versions 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1

Description

The issue is related to weak permissions for unspecified project areas in the affected software, allowing remote authenticated users to obtain sensitive information via unknown vectors.

Recommendations

For Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) versions 3.x through 4.0.7 IF8, 5.x through 5.0.2 IF8, and 6.x before 6.0.1, update to version 4.0.7 IF9, 5.0.2 IF9, or 6.0.1 or later.
For Rational Quality Manager (RQM) versions 3.x through 3.0.1.6 IF6, 4.x through 4.0.7 IF8, 5.x through 5.0.2 IF8, and 6.x before 6.0.1, update to version 3.0.1.6 IF7, 4.0.7 IF9, 5.0.2 IF9, or 6.0.1 or later.
For Rational Team Concert (RTC) versions 3.x through 3.0.1.6 IF6, 4.x through 4.0.7 IF8, 5.x through 5.0.2 IF8, and 6.x before 6.0.1, update to version 3.0.1.6 IF7, 4.0.7 IF9, 5.0.2 IF9, or 6.0.1 or later.
For Rational Requirements Composer (RRC) versions 3.x through 3.0.1.6 IF6 and 4.x through 4.0.7 IF8, update to version 3.0.1.6 IF7 or 4.0.7 IF9 or later.
For Rational DOORS Next Generation (RDNG) versions 4.x through 4.0.7 IF8, 5.x through 5.0.2 IF8, and 6.x before 6.0.1, update to version 4.0.7 IF9, 5.0.2 IF9, or 6.0.1 or later.
For Rational Engineering Lifecycle Manager (RELM) versions 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1, update to version 4.0.7 IF9, 5.0.2 IF9, or 6.0.1 or later.
For Rational Rhapsody Design Manager (DM) versions 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1, update to version 4.0.7 IF9, 5.0.2 IF9, or 6.0.1 or later.
For Rational Software Architect Design Manager (DM) versions 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1, update to version 4.0.7 IF9, 5.0.2 IF9, or 6.0.1 or later.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2015-4962

Affected Products

Jazz Team Server
IBM Rational DOORS Next Generation
IBM Rational Engineering Lifecycle Manager
IBM Rational Quality Manager
IBM Rational Requirements Composer
Rational Rhapsody Design Manager
IBM Rational Software Architect Design Manager
IBM Rational Team Concert