CVE-2016-2865

MEDIUM

IBM Rational Team Concert - Information Disclosure

Title source: rule

Description

The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request.

References (2)

[Patch, Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21985865

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91680

Scores

CVSS v3 6.5

EPSS 0.0020

EPSS Percentile 42.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (10)

ibm/rational_team_concert

ibm/rational_collaborative_lifecycle_management

ibm/rational_team_concert

ibm/rational_collaborative_lifecycle_management

Timeline

Published Jul 15, 2016

Tracked Since Feb 18, 2026