IBM Security Bulletin: Vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology (CVE-2015-7440, CVE-2015-7453, CVE-2015-7471)

Share this post:

Vulnerabilities in the IBM Jazz Foundation affects the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational Requirements Composer (RRC), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM).

CVE(s):CVE-2015-7440, CVE-2015-7453, CVE-2015-7471

Affected product(s) and affected version(s):

Rational Collaborative Lifecycle Management 3.0.1 – 6.0.1

Rational Quality Manager 3.0 – 3.0.1.6
Rational Quality Manager 4.0 – 4.0.7
Rational Quality Manager 5.0 – 5.0.2
Rational Quality Manager 6.0 – 6.0.1

Rational Team Concert 3.0 – 3.0.6
Rational Team Concert 4.0 – 4.0.7
Rational Team Concert 5.0 – 5.0.2
Rational Team Concert 6.0 – 6.0.1

Rational Requirements Composer 3.0 – 3.0.1.6
Rational Requirements Composer 4.0 – 4.0.7

Rational DOORS Next Generation 4.0 – 4.0.7
Rational DOORS Next Generation 5.0 – 5.0.2
Rational DOORS Next Generation 6.0 – 6.0.1

Rational Engineering Lifecycle Manager 4.0.3 – 4.0.7
Rational Engineering Lifecycle Manager 5.0 – 5.0.2
Rational Engineering Lifecycle Manager 6.0 – 6.0.1

Rational Rhapsody Design Manager 4.0 – 4.0.7
Rational Rhapsody Design Manager 5.0 – 5.0.2
Rational Rhapsody Design Manager 6.0 – 6.0.1

Rational Software Architect Design Manager 4.0 – 4.0.7
Rational Software Architect Design Manager 5.0 – 5.0.2
Rational Software Architect Design Manager 6.0 – 6.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21982747
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/108098
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/108296
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/108429

More stories

IBM Product Security Incident Response

Acknowledgement

May 20, 2020 9:00 am EDT

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services. Disclosures for 2021 Keith Lee Credit to Hassan Raza Disclosures for 2020 Honggang Ren of Fortinet’s FortiGuard Labs Pawel Gocyla, (ING Tech Poland) Dries Eestermans, (nynox-dries) ...read more


A new and advanced Rowhammer-based attack on DDR4 memory

Mar 11, 2020 8:59 am EDT

A new and advanced Rowhammer-based attack on DDR4 memory was announced on March 10, 2020. (CVE-2020-10255) The attack has been shown to cause memory corruption in lab environments. Vulnerability exploitation on IBM Power processor architectures, IBM Z-based architectures, IBM Cloud and IBM storage products would be difficult. No customer actions are currently required. IBM Power ...read more


XSA-353 Security Vulnerabilities

Nov 13, 2019 12:30 pm EST

Security vulnerability CVE-2020-29479 could potentially enable a denial of service attack or allow unauthorized access to the hypervisor, and is addressed by Citrix in XSA-353 security advisories. IBM Cloud has worked with its technology partners to deploy mitigation and remediation measures. There is no known malicious exploit of this vulnerability at this time. ...read more