CVE-2016-2865

MEDIUM

IBM Rational Team Concert and Collaborative Lifecycle Management - Exposure of Sensitive Information via GIT Integration

Title source: llm
STIX 2.1

Description

The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91680
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21985865

Scores

CVSS v3 6.5
EPSS 0.0105
EPSS Percentile 60.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (10)
ibm/rational_collaborative_lifecycle_management 5.0.0
ibm/rational_collaborative_lifecycle_management 5.0.1
ibm/rational_collaborative_lifecycle_management 5.0.2
ibm/rational_collaborative_lifecycle_management 6.0.0
ibm/rational_collaborative_lifecycle_management 6.0.1
ibm/rational_team_concert 5.0.0
ibm/rational_team_concert 5.0.1
ibm/rational_team_concert 5.0.2
ibm/rational_team_concert 6.0.0
ibm/rational_team_concert 6.0.1
Published Jul 15, 2016
Tracked Since Feb 18, 2026