CVE-2014-6131

IBM Rational DOORS Next Generation - Authenticated Unauthorized Dashboard Access

Title source: llm
STIX 2.1

Description

IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21698247

Scores

EPSS 0.0133
EPSS Percentile 67.7%

Details

CWE
CWE-200
Status published
Products (50)
ibm/rational_collaborative_lifecycle_management 3.0.0
ibm/rational_collaborative_lifecycle_management 3.0.1
ibm/rational_collaborative_lifecycle_management 3.0.1.1
ibm/rational_collaborative_lifecycle_management 3.0.1.2
ibm/rational_collaborative_lifecycle_management 3.0.1.3
ibm/rational_collaborative_lifecycle_management 3.0.1.4
ibm/rational_collaborative_lifecycle_management 3.0.1.5
ibm/rational_collaborative_lifecycle_management 3.0.1.6
ibm/rational_collaborative_lifecycle_management 4.0.0
ibm/rational_collaborative_lifecycle_management 4.0.1
... and 40 more
Published Mar 18, 2015
Tracked Since Feb 18, 2026