PT-2018-4424 · IBM · IBM Rational Engineering Lifecycle Manager
Published: 2018-01-16 · Updated: 2018-02-01 · CVE-2015-7484
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Rational Engineering Lifecycle Manager versions 3.0 through 3.0.1.6 iFix7 Interim Fix 1
IBM Rational Engineering Lifecycle Manager versions 4.0 through 4.0.7 iFix10
Description
The issue allows remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the "Lifecycle Query Engine".
Recommendations
For IBM Rational Engineering Lifecycle Manager versions 3.0 through 3.0.1.6 iFix7 Interim Fix 1, update to version 3.0.1.6 iFix7 Interim Fix 1 or later.
For IBM Rational Engineering Lifecycle Manager versions 4.0 through 4.0.7 iFix10, update to version 4.0.7 iFix10 or later.
Fix
Information Disclosure
Affected Products
IBM Rational Engineering Lifecycle Manager