fkie_nvd - fkie_cve-2016-2865

fkie_cve-2016-2865

Vulnerability from fkie_nvd

Published

2016-07-15 18:59

Modified

2025-04-12 10:46

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21985865	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/91680
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21985865	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/91680

Impacted products

Vendor	Product	Version
ibm	rational_team_concert	5.0.0
ibm	rational_team_concert	5.0.1
ibm	rational_team_concert	5.0.2
ibm	rational_collaborative_lifecycle_management	5.0.0
ibm	rational_collaborative_lifecycle_management	5.0.1
ibm	rational_collaborative_lifecycle_management	5.0.2
ibm	rational_team_concert	6.0.0
ibm	rational_team_concert	6.0.1
ibm	rational_collaborative_lifecycle_management	6.0.0
ibm	rational_collaborative_lifecycle_management	6.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request."
    },
    {
      "lang": "es",
      "value": "El componente GIT Integration en IBM Rational Team Concert (RTC) 5.x en versiones anteriores a 5.0.2 iFix14 y 6.x en versiones anteriores a 6.0.1 iFix5 y Rational Collaborative Lifecycle Management 5.x en versiones anteriores a 5.0.2 iFix14 y 6.x en versiones anteriores a 6.0.1 iFix5 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n mal formada."
    }
  ],
  "id": "CVE-2016-2865",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-15T18:59:07.170",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985865"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/91680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/91680"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2016-2865 (GCVE-0-2016-2865)

Vulnerability from cvelistv5

Published

2016-07-15 18:00