exploitDog

CVE-2017-1700

Опубликовано: 24 апр. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg22015635
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/134392
VDB Entry
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22015635
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/134392
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*

Версия от 5.0 (исключая) до 6.0.5 (включая)

cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.5 (включая)

cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.5 (включая)

cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.5 (включая)

cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.5 (включая)

cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.1 (включая)

cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.2 (включая)

cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.0.5 (включая)

EPSS

Процентиль: 50%

0.00269

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-67q4-rq8g-wxrq

CVSS3: 6.5

github

больше 3 лет назад

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392.

EPSS

Процентиль: 50%

0.00269

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863