CVE-2014-6131
IBM Rational DOORS Next Generation - Authenticated Unauthorized Dashboard Access
Title source: llmDescription
IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21698247
Scores
EPSS
0.0133
EPSS Percentile
67.7%
Details
CWE
CWE-200
Status
published
Products (50)
ibm/rational_collaborative_lifecycle_management
3.0.0
ibm/rational_collaborative_lifecycle_management
3.0.1
ibm/rational_collaborative_lifecycle_management
3.0.1.1
ibm/rational_collaborative_lifecycle_management
3.0.1.2
ibm/rational_collaborative_lifecycle_management
3.0.1.3
ibm/rational_collaborative_lifecycle_management
3.0.1.4
ibm/rational_collaborative_lifecycle_management
3.0.1.5
ibm/rational_collaborative_lifecycle_management
3.0.1.6
ibm/rational_collaborative_lifecycle_management
4.0.0
ibm/rational_collaborative_lifecycle_management
4.0.1
... and 40 more
Published
Mar 18, 2015
Tracked Since
Feb 18, 2026