CVE-2015-0112 Information

Description

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21957763
