Description
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93824
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21989735
Scores
CVSS v3
8.8
EPSS
0.0135
EPSS Percentile
68.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (29)
ibm/rational_collaborative_lifecycle_management
4.0.0
ibm/rational_collaborative_lifecycle_management
4.0.1
ibm/rational_collaborative_lifecycle_management
4.0.2
ibm/rational_collaborative_lifecycle_management
4.0.3
ibm/rational_collaborative_lifecycle_management
4.0.4
ibm/rational_collaborative_lifecycle_management
4.0.5
ibm/rational_collaborative_lifecycle_management
4.0.6
ibm/rational_collaborative_lifecycle_management
4.0.7
ibm/rational_collaborative_lifecycle_management
5.0.0
ibm/rational_collaborative_lifecycle_management
5.0.1
... and 19 more
Published
Oct 22, 2016
Tracked Since
Feb 18, 2026