CVE-2015-0112

Опубликовано: 07 июн. 2015

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in co

Комментарий

CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21957763
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21957763
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:3.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rhapsody_design_manager:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rhapsody_design_manager:5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*

Конфигурация 3