CVE-2015-0113: Infoleak
First published: Mon Apr 27 2015(Updated: )
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Software Architect | =4.0.0 | |
| IBM Rational Software Architect | =4.0.1 | |
| IBM Rational Software Architect | =4.0.2 | |
| IBM Rational Software Architect | =4.0.3 | |
| IBM Rational Software Architect | =4.0.4 | |
| IBM Rational Software Architect | =4.0.5 | |
| IBM Rational Software Architect | =4.0.6 | |
| IBM Rational Software Architect | =4.0.7 | |
| IBM Rational Software Architect | =5.0 | |
| IBM Rational Software Architect | =5.0.1 | |
| IBM Rational Software Architect | =5.0.2 | |
| IBM Rational Team Concert | =4.0 | |
| IBM Rational Team Concert | =4.0.0.1 | |
| IBM Rational Team Concert | =4.0.0.2 | |
| IBM Rational Team Concert | =4.0.1 | |
| IBM Rational Team Concert | =4.0.2 | |
| IBM Rational Team Concert | =4.0.3 | |
| IBM Rational Team Concert | =4.0.4 | |
| IBM Rational Team Concert | =4.0.5 | |
| IBM Rational Team Concert | =4.0.6 | |
| IBM Rational Team Concert | =4.0.7 | |
| IBM Rational Team Concert | =5.0.0 | |
| IBM Rational Team Concert | =5.0.1 | |
| IBM Rational Team Concert | =5.0.2 | |
| IBM Rational Rhapsody | =4.0 | |
| IBM Rational Rhapsody | =4.0.1 | |
| IBM Rational Rhapsody | =4.0.2 | |
| IBM Rational Rhapsody | =4.0.3 | |
| IBM Rational Rhapsody | =4.0.4 | |
| IBM Rational Rhapsody | =4.0.5 | |
| IBM Rational Rhapsody | =4.0.6 | |
| IBM Rational Rhapsody | =4.0.7 | |
| IBM Rational Rhapsody | =5.0 | |
| IBM Rational Rhapsody | =5.0.1 | |
| IBM Rational Rhapsody | =5.0.2 | |
| IBM Collaborative Lifecycle Management | =4.0.0 | |
| IBM Collaborative Lifecycle Management | =4.0.1 | |
| IBM Collaborative Lifecycle Management | =4.0.2 | |
| IBM Collaborative Lifecycle Management | =4.0.3 | |
| IBM Collaborative Lifecycle Management | =4.0.4 | |
| IBM Collaborative Lifecycle Management | =4.0.5 | |
| IBM Collaborative Lifecycle Management | =4.0.6 | |
| IBM Collaborative Lifecycle Management | =4.0.7 | |
| IBM Collaborative Lifecycle Management | =5.0.0 | |
| IBM Collaborative Lifecycle Management | =5.0.1 | |
| IBM Collaborative Lifecycle Management | =5.0.2 | |
| IBM Rational Requirements Composer | =4.0.0 | |
| IBM Rational Requirements Composer | =4.0.0.1 | |
| IBM Rational Requirements Composer | =4.0.0.2 | |
| IBM Rational Requirements Composer | =4.0.1 | |
| IBM Rational Requirements Composer | =4.0.2 | |
| IBM Rational Requirements Composer | =4.0.3 | |
| IBM Rational Requirements Composer | =4.0.4 | |
| IBM Rational Requirements Composer | =4.0.5 | |
| IBM Rational Requirements Composer | =4.0.6 | |
| IBM Rational Requirements Composer | =4.0.7 | |
| IBM Rational DOORS | =4.0.0 | |
| IBM Rational DOORS | =4.0.1 | |
| IBM Rational DOORS | =4.0.2 | |
| IBM Rational DOORS | =4.0.3 | |
| IBM Rational DOORS | =4.0.4 | |
| IBM Rational DOORS | =4.0.5 | |
| IBM Rational DOORS | =4.0.6 | |
| IBM Rational DOORS | =4.0.7 | |
| IBM Rational DOORS | =5.0.1 | |
| IBM Rational DOORS | =5.0.2 | |
| IBM Engineering Lifecycle Manager | =4.0.3 | |
| IBM Engineering Lifecycle Manager | =4.0.4 | |
| IBM Engineering Lifecycle Manager | =4.0.5 | |
| IBM Engineering Lifecycle Manager | =4.0.6 | |
| IBM Engineering Lifecycle Manager | =4.0.7 | |
| IBM Engineering Lifecycle Manager | =5.0 | |
| IBM Engineering Lifecycle Manager | =5.0.1 | |
| IBM Engineering Lifecycle Manager | =5.0.2 | |
| IBM Rational Quality Manager | =4.0 | |
| IBM Rational Quality Manager | =4.0.0.1 | |
| IBM Rational Quality Manager | =4.0.0.2 | |
| IBM Rational Quality Manager | =4.0.1 | |
| IBM Rational Quality Manager | =4.0.2 | |
| IBM Rational Quality Manager | =4.0.3 | |
| IBM Rational Quality Manager | =4.0.4 | |
| IBM Rational Quality Manager | =4.0.5 | |
| IBM Rational Quality Manager | =4.0.7 | |
| IBM Rational Quality Manager | =5.0.0 | |
| IBM Rational Quality Manager | =5.0.1 | |
| IBM Rational Quality Manager | =5.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0113?
CVE-2015-0113 has a medium severity rating due to the potential impact of user data exposure.
How do I fix CVE-2015-0113?
To fix CVE-2015-0113, update your affected IBM Rational software to the latest version provided by IBM.
Which IBM products are affected by CVE-2015-0113?
CVE-2015-0113 affects multiple IBM products including Rational Collaborative Lifecycle Management, Rational Quality Manager, and Rational Team Concert among others.
When was CVE-2015-0113 disclosed?
CVE-2015-0113 was disclosed on January 22, 2015.
What is the impact of CVE-2015-0113?
The impact of CVE-2015-0113 may allow attackers to access sensitive information through the affected IBM applications.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/remedy
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rational software architect
- version/ibm rational software architect/4.0.0
- version/ibm rational software architect/4.0.1
- version/ibm rational software architect/4.0.2
- version/ibm rational software architect/4.0.3
- version/ibm rational software architect/4.0.4
- version/ibm rational software architect/4.0.5
- version/ibm rational software architect/4.0.6
- version/ibm rational software architect/4.0.7
- version/ibm rational software architect/5.0
- version/ibm rational software architect/5.0.1
- version/ibm rational software architect/5.0.2
- canonical/ibm rational team concert
- version/ibm rational team concert/4.0
- version/ibm rational team concert/4.0.0.1
- version/ibm rational team concert/4.0.0.2
- version/ibm rational team concert/4.0.1
- version/ibm rational team concert/4.0.2
- version/ibm rational team concert/4.0.3
- version/ibm rational team concert/4.0.4
- version/ibm rational team concert/4.0.5
- version/ibm rational team concert/4.0.6
- version/ibm rational team concert/4.0.7
- version/ibm rational team concert/5.0.0
- version/ibm rational team concert/5.0.1
- version/ibm rational team concert/5.0.2
- canonical/ibm rational rhapsody
- version/ibm rational rhapsody/4.0
- version/ibm rational rhapsody/4.0.1
- version/ibm rational rhapsody/4.0.2
- version/ibm rational rhapsody/4.0.3
- version/ibm rational rhapsody/4.0.4
- version/ibm rational rhapsody/4.0.5
- version/ibm rational rhapsody/4.0.6
- version/ibm rational rhapsody/4.0.7
- version/ibm rational rhapsody/5.0
- version/ibm rational rhapsody/5.0.1
- version/ibm rational rhapsody/5.0.2
- canonical/ibm collaborative lifecycle management
- version/ibm collaborative lifecycle management/4.0.0
- version/ibm collaborative lifecycle management/4.0.1
- version/ibm collaborative lifecycle management/4.0.2
- version/ibm collaborative lifecycle management/4.0.3
- version/ibm collaborative lifecycle management/4.0.4
- version/ibm collaborative lifecycle management/4.0.5
- version/ibm collaborative lifecycle management/4.0.6
- version/ibm collaborative lifecycle management/4.0.7
- version/ibm collaborative lifecycle management/5.0.0
- version/ibm collaborative lifecycle management/5.0.1
- version/ibm collaborative lifecycle management/5.0.2
- canonical/ibm rational requirements composer
- version/ibm rational requirements composer/4.0.0
- version/ibm rational requirements composer/4.0.0.1
- version/ibm rational requirements composer/4.0.0.2
- version/ibm rational requirements composer/4.0.1
- version/ibm rational requirements composer/4.0.2
- version/ibm rational requirements composer/4.0.3
- version/ibm rational requirements composer/4.0.4
- version/ibm rational requirements composer/4.0.5
- version/ibm rational requirements composer/4.0.6
- version/ibm rational requirements composer/4.0.7
- canonical/ibm rational doors
- version/ibm rational doors/4.0.0
- version/ibm rational doors/4.0.1
- version/ibm rational doors/4.0.2
- version/ibm rational doors/4.0.3
- version/ibm rational doors/4.0.4
- version/ibm rational doors/4.0.5
- version/ibm rational doors/4.0.6
- version/ibm rational doors/4.0.7
- version/ibm rational doors/5.0.1
- version/ibm rational doors/5.0.2
- canonical/ibm engineering lifecycle manager
- version/ibm engineering lifecycle manager/4.0.3
- version/ibm engineering lifecycle manager/4.0.4
- version/ibm engineering lifecycle manager/4.0.5
- version/ibm engineering lifecycle manager/4.0.6
- version/ibm engineering lifecycle manager/4.0.7
- version/ibm engineering lifecycle manager/5.0
- version/ibm engineering lifecycle manager/5.0.1
- version/ibm engineering lifecycle manager/5.0.2
- canonical/ibm rational quality manager
- version/ibm rational quality manager/4.0
- version/ibm rational quality manager/4.0.0.1
- version/ibm rational quality manager/4.0.0.2
- version/ibm rational quality manager/4.0.1
- version/ibm rational quality manager/4.0.2
- version/ibm rational quality manager/4.0.3
- version/ibm rational quality manager/4.0.4
- version/ibm rational quality manager/4.0.5
- version/ibm rational quality manager/4.0.7
- version/ibm rational quality manager/5.0.0
- version/ibm rational quality manager/5.0.1
- version/ibm rational quality manager/5.0.2