CVE-2015-0113

IBM Rational Software Architect Design Manager 4.0-4.0.7/5.0-5.0.2 - Unauthenticated JSP Source Code Exposure

Title source: llm
STIX 2.1

Description

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21882770

Scores

EPSS 0.0121
EPSS Percentile 64.7%

Details

CWE
CWE-200
Status published
Products (50)
ibm/rational_collaborative_lifecycle_management 4.0.0
ibm/rational_collaborative_lifecycle_management 4.0.1
ibm/rational_collaborative_lifecycle_management 4.0.2
ibm/rational_collaborative_lifecycle_management 4.0.3
ibm/rational_collaborative_lifecycle_management 4.0.4
ibm/rational_collaborative_lifecycle_management 4.0.5
ibm/rational_collaborative_lifecycle_management 4.0.6
ibm/rational_collaborative_lifecycle_management 4.0.7
ibm/rational_collaborative_lifecycle_management 5.0.0
ibm/rational_collaborative_lifecycle_management 5.0.1
... and 40 more
Published Apr 27, 2015
Tracked Since Feb 18, 2026