CVE-2016-0325

Vulnerability Summary

IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 prior to 4.0.7 iFix11, 5.0 prior to 5.0.2 iFix18, and 6.0 prior to 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 prior to 4.0.7 iFix11, 5.0 prior to 5.0.2 iFix18, and 6.0 prior to 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 prior to 4.0.7 iFix11, 5.0 prior to 5.0.2 iFix18, and 6.0 prior to 6.0.2 iFix5; Rational DOORS Next Generation 4.0 prior to 4.0.7 iFix11, 5.0 prior to 5.0.2 iFix18, and 6.0 prior to 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x prior to 4.0.7 iFix11, 5.0 prior to 5.0.2 iFix18, and 6.0 prior to 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 prior to 4.0.7 iFix11, 5.0 prior to 5.0.2 iFix18, and 6.0 prior to 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 prior to 4.0.7 iFix11, 5.0 prior to 5.0.2 iFix18, and 6.0 prior to 6.0.2 iFix5 allow remote authenticated users to execute arbitrary OS commands via a crafted request.

References