1. Home
  2. CVE Database
  3. CVE-2017-1602
MEDIUM · 4.3

CVE-2017-1602

IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force...

Vulnerability Description

IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625.

CVSS Score

4.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
IbmRational Collaborative Lifecycle Management>= 4.0.0, <= 6.0.5
IbmRational Quality Manager>= 4.0.0, <= 4.0.7
IbmRational Team Concert>= 4.0.0, <= 4.0.7
IbmRational Doors Next Generation>= 4.0.1, <= 4.0.7
IbmRational Engineering Lifecycle Manager>= 4.0.3, <= 4.0.7
IbmRational Rhapsody Design Manager>= 4.0, <= 4.0.7
IbmRational Software Architect Design Manager>= 4.0.0, <= 4.0.7

Related Weaknesses (CWE)

CWE-552

References

FAQ

What is CVE-2017-1602?

CVE-2017-1602 is a vulnerability with a CVSS score of 4.3 (MEDIUM). IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force...

How severe is CVE-2017-1602?

CVE-2017-1602 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-1602?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Rational Collaborative Lifecycle Management, Ibm Rational Quality Manager, Ibm Rational Team Concert, Ibm Rational Doors Next Generation, Ibm Rational Engineering Lifecycle Manager.