1. Home
  2. CVE Database
  3. CVE-2016-0284
MEDIUM · 5.4

CVE-2016-0284

The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 b...

Vulnerability Description

The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
IbmRational Software Architect Design Manager4.0.0
IbmRational Collaborative Lifecycle Management3.0.1.6
IbmRational Team Concert3.0.1.6
IbmRational Quality Manager3.0.1.6
IbmRational Doors Next Generation4.0.0
IbmRational Engineering Lifecycle Manager4.0.0
IbmRational Rhapsody Design Manager4.0

Related Weaknesses (CWE)

CWE-611

References

FAQ

What is CVE-2016-0284?

CVE-2016-0284 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 b...

How severe is CVE-2016-0284?

CVE-2016-0284 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-0284?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Rational Software Architect Design Manager, Ibm Rational Collaborative Lifecycle Management, Ibm Rational Team Concert, Ibm Rational Quality Manager, Ibm Rational Doors Next Generation.