1. Home
  2. CVE Database
  3. CVE-2015-0113
MEDIUM · 5.0

CVE-2015-0113

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and...

Vulnerability Description

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
IbmRational Software Architect Design Manager4.0.0
IbmRational Team Concert4.0
IbmRational Rhapsody Design Manager4.0
IbmRational Collaborative Lifecycle Management4.0.0
IbmRational Requirements Composer4.0.0
IbmRational Doors Next Generation4.0.0
IbmRational Engineering Lifecycle Manager4.0.3
IbmRational Quality Manager4.0

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2015-0113?

CVE-2015-0113 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and...

How severe is CVE-2015-0113?

CVE-2015-0113 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0113?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Rational Software Architect Design Manager, Ibm Rational Team Concert, Ibm Rational Rhapsody Design Manager, Ibm Rational Collaborative Lifecycle Management, Ibm Rational Requirements Composer.