Vulnerability Description
XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Rational Quality Manager | 3.0 |
| Ibm | Rational Requirements Composer | 3.0 |
| Ibm | Rational Doors Next Generation | 4.0 |
| Ibm | Rational Team Concert | 3.0 |
| Ibm | Rational Collaborative Lifecycle Management | 3.0.1 |
| Ibm | Rational Engineering Lifecycle Manager | 4.0.3 |
| Ibm | Rational Rhapsody Design Manager | 4.0 |
| Ibm | Rational Software Architect Design Manager | 4.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21983720Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/109693VDB EntryVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21983720Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/109693VDB EntryVendor Advisory
FAQ
What is CVE-2016-0219?
CVE-2016-0219 is a vulnerability with a CVSS score of 6.5 (MEDIUM). XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote ...
How severe is CVE-2016-0219?
CVE-2016-0219 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-0219?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Rational Quality Manager, Ibm Rational Requirements Composer, Ibm Rational Doors Next Generation, Ibm Rational Team Concert, Ibm Rational Collaborative Lifecycle Management.