First published: Thu Mar 15 2018(Updated: )
IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Rational Collaborative Lifecycle Management | >=3.0.1<=6.0.1 | |
IBM Rational Quality Manager | >=3.0<=3.0.1.6 | |
IBM Rational Quality Manager | >=4.0<=4.0.7 | |
IBM Rational Quality Manager | =5.0 | |
IBM Rational Quality Manager | =5.0.1 | |
IBM Rational Quality Manager | =5.0.2 | |
IBM Rational Quality Manager | =6.0 | |
IBM Rational Quality Manager | =6.0.1 | |
IBM Rational Team Concert | >=3.0<=3.0.6 | |
IBM Rational Team Concert | >=4.0<=4.0.7 | |
IBM Rational Team Concert | =5.0 | |
IBM Rational Team Concert | =5.0.1 | |
IBM Rational Team Concert | =5.0.2 | |
IBM Rational Team Concert | =6.0 | |
IBM Rational Team Concert | =6.0.1 | |
IBM Rational Requirements Composer | >=3.0<=3.0.1.6 | |
IBM Rational Requirements Composer | >=4.0<=4.0.7 | |
IBM Rational DOORS Next Generation | >=4.0<=4.0.7 | |
IBM Rational DOORS Next Generation | =5.0 | |
IBM Rational DOORS Next Generation | =5.0.1 | |
IBM Rational DOORS Next Generation | =5.0.2 | |
IBM Rational DOORS Next Generation | =6.0.0 | |
IBM Rational DOORS Next Generation | =6.0.1 | |
IBM Rational Engineering Lifecycle Manager | >=4.0.3<=4.0.7 | |
IBM Rational Engineering Lifecycle Manager | =5.0 | |
IBM Rational Engineering Lifecycle Manager | =5.0.1 | |
IBM Rational Engineering Lifecycle Manager | =5.0.2 | |
IBM Rational Engineering Lifecycle Manager | =6.0 | |
IBM Rational Engineering Lifecycle Manager | =6.0.1 | |
IBM Rational Rhapsody Design Manager | >=4.0<=4.0.7 | |
IBM Rational Rhapsody Design Manager | =5.0 | |
IBM Rational Rhapsody Design Manager | =5.0.1 | |
IBM Rational Rhapsody Design Manager | =5.0.2 | |
IBM Rational Rhapsody Design Manager | =6.0 | |
IBM Rational Rhapsody Design Manager | =6.0.1 | |
IBM Rational Software Architect Design Manager | >=4.0<=4.0.7 | |
IBM Rational Software Architect Design Manager | =5.0 | |
IBM Rational Software Architect Design Manager | =5.0.1 | |
IBM Rational Software Architect Design Manager | =5.0.2 | |
IBM Rational Software Architect Design Manager | =6.0 | |
IBM Rational Software Architect Design Manager | =6.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this issue is CVE-2015-7440.
The severity of CVE-2015-7440 is high.
IBM Rational Collaborative Lifecycle Management (CLM), Rational Quality Manager (RQM), Rational Team Concert, Rational Requirements Composer, Rational DOORS Next Generation, Rational Engineering Lifecycle Manager, Rational Rhapsody Design Manager, and Rational Software Architect Design Manager are affected.
Apply the specified iFix or upgrade to a version that includes the fix.
You can find more information about CVE-2015-7440 at the IBM support website and the IBM X-Force Exchange.