CVE-2015-7484

Опубликовано: 16 янв. 2018

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21983720
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/108619
VDB Entry
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21983720
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/108619
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*

Версия от 3.0 (включая) до 3.0.1.6 (включая)

cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*

Версия от 4.0 (включая) до 4.0.7 (включая)

EPSS

Процентиль: 31%

0.00119

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-jwj5-7w3v-whc8