Medium Severity

IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology

Multiple security vulnerabilities in components used by the following products may affect those products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), IBM Rhapsody Model Manager and Rational Software Architect Design Manager (RSA DM).

CVE(s): CVE-2016-2175, CVE-2018-11797, CVE-2014-3577, CVE-2013-4366, CVE-2015-5262

Affected product(s) and affected version(s):

Rational Collaborative Lifecycle Management 6.0 – 6.0.6.1
Rational Quality Manager 6.0 – 6.0.6.1
Rational Team Concert 6.0 – 6.0.6.1
Rational DOORS Next Generation 6.0 – 6.0.6.1
Rational Engineering Lifecycle Manager 6.0 – 6.0.6.1
Rational Rhapsody Design Manager 6.0 – 6.0.6.1
Rational Software Architect Design Manager 6.0 – 6.0.1
IBM Rhapsody Model Manager 6.0.5 – 6.0.6.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/1087768

X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113548

X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150898

X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/95327

X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134307

X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/106932
