CVE-2016-0326

HIGH

IBM Rational Quality Manager <4.0.7-6.0.1 - RCE

Description

IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 iFix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93824
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21989735

Scores

CVSS v3 8.8
EPSS 0.0135
EPSS Percentile 68.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (29)
ibm/rational_collaborative_lifecycle_management 4.0.0
ibm/rational_collaborative_lifecycle_management 4.0.1
ibm/rational_collaborative_lifecycle_management 4.0.2
ibm/rational_collaborative_lifecycle_management 4.0.3
ibm/rational_collaborative_lifecycle_management 4.0.4
ibm/rational_collaborative_lifecycle_management 4.0.5
ibm/rational_collaborative_lifecycle_management 4.0.6
ibm/rational_collaborative_lifecycle_management 4.0.7
ibm/rational_collaborative_lifecycle_management 5.0.0
ibm/rational_collaborative_lifecycle_management 5.0.1
... and 19 more
Published Oct 22, 2016
Tracked Since Feb 18, 2026