CVE-2015-7449: Infoleak
First published: Tue Mar 20 2018(Updated: )
IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Collaborative Lifecycle Management | >=4.0.0<=6.0.2 | |
| IBM Rational Quality Manager | >=4.0.0<=4.0.7 | |
| IBM Rational Quality Manager | =5.0.0 | |
| IBM Rational Quality Manager | =5.0.1 | |
| IBM Rational Quality Manager | =5.0.2 | |
| IBM Rational Quality Manager | =6.0.0 | |
| IBM Rational Quality Manager | =6.0.1 | |
| IBM Rational Quality Manager | =6.0.2 | |
| IBM Rational Team Concert | >=4.0.0<=4.0.7 | |
| IBM Rational Team Concert | =5.0.0 | |
| IBM Rational Team Concert | =5.0.1 | |
| IBM Rational Team Concert | =5.0.2 | |
| IBM Rational Team Concert | =6.0.0 | |
| IBM Rational Team Concert | =6.0.1 | |
| IBM Rational Team Concert | =6.0.2 | |
| IBM Rational Requirements Composer | >=4.0.0<=4.0.7 | |
| IBM Rational DOORS Next Generation | >=4.0.0<=4.0.7 | |
| IBM Rational DOORS Next Generation | =5.0.0 | |
| IBM Rational DOORS Next Generation | =5.0.1 | |
| IBM Rational DOORS Next Generation | =5.0.2 | |
| IBM Rational DOORS Next Generation | =6.0.0 | |
| IBM Rational DOORS Next Generation | =6.0.1 | |
| IBM Rational DOORS Next Generation | =6.0.2 | |
| IBM Rational Engineering Lifecycle Manager | >=4.0.3<=4.0.7 | |
| IBM Rational Engineering Lifecycle Manager | =5.0.0 | |
| IBM Rational Engineering Lifecycle Manager | =5.0.1 | |
| IBM Rational Engineering Lifecycle Manager | =5.0.2 | |
| IBM Rational Engineering Lifecycle Manager | =6.0.0 | |
| IBM Rational Engineering Lifecycle Manager | =6.0.1 | |
| IBM Rational Engineering Lifecycle Manager | =6.0.2 | |
| IBM Rational Rhapsody Design Manager | >=4.0<=4.0.7 | |
| IBM Rational Rhapsody Design Manager | =5.0.0 | |
| IBM Rational Rhapsody Design Manager | =5.0.1 | |
| IBM Rational Rhapsody Design Manager | =5.0.2 | |
| IBM Rational Rhapsody Design Manager | =6.0.0 | |
| IBM Rational Rhapsody Design Manager | =6.0.1 | |
| IBM Rational Rhapsody Design Manager | =6.0.2 | |
| IBM Rational Software Architect Design Manager | >=4.0.0<=4.0.7 | |
| IBM Rational Software Architect Design Manager | =5.0.0 | |
| IBM Rational Software Architect Design Manager | =5.0.1 | |
| IBM Rational Software Architect Design Manager | =5.0.2 | |
| IBM Rational Software Architect Design Manager | =6.0.0 | |
| IBM Rational Software Architect Design Manager | =6.0.1 | |
| IBM Rational Software Architect Design Manager | =6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-7449?
The severity of CVE-2015-7449 is low.
Which versions of IBM Rational Collaborative Lifecycle Management (CLM) are affected by CVE-2015-7449?
IBM Rational Collaborative Lifecycle Management (CLM) versions 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 are affected by CVE-2015-7449.
Which versions of Rational Quality Manager (RQM) are affected by CVE-2015-7449?
Rational Quality Manager (RQM) versions 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 are affected by CVE-2015-7449.
Are there any patches or fixes available for CVE-2015-7449?
Yes, IBM has released iFixes to address the vulnerability. Please refer to the IBM support website for more information.
Is there any additional information available about CVE-2015-7449?
Yes, you can find more information about CVE-2015-7449 on the IBM support website and the IBM X-Force Exchange.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm rational collaborative lifecycle management
- version/ibm rational collaborative lifecycle management/4.0.0
- version/ibm rational collaborative lifecycle management/6.0.2
- canonical/ibm rational quality manager
- version/ibm rational quality manager/4.0.0
- version/ibm rational quality manager/4.0.7
- version/ibm rational quality manager/5.0.0
- version/ibm rational quality manager/5.0.1
- version/ibm rational quality manager/5.0.2
- version/ibm rational quality manager/6.0.0
- version/ibm rational quality manager/6.0.1
- version/ibm rational quality manager/6.0.2
- canonical/ibm rational team concert
- version/ibm rational team concert/4.0.0
- version/ibm rational team concert/4.0.7
- version/ibm rational team concert/5.0.0
- version/ibm rational team concert/5.0.1
- version/ibm rational team concert/5.0.2
- version/ibm rational team concert/6.0.0
- version/ibm rational team concert/6.0.1
- version/ibm rational team concert/6.0.2
- canonical/ibm rational requirements composer
- version/ibm rational requirements composer/4.0.0
- version/ibm rational requirements composer/4.0.7
- canonical/ibm rational doors next generation
- version/ibm rational doors next generation/4.0.0
- version/ibm rational doors next generation/4.0.7
- version/ibm rational doors next generation/5.0.0
- version/ibm rational doors next generation/5.0.1
- version/ibm rational doors next generation/5.0.2
- version/ibm rational doors next generation/6.0.0
- version/ibm rational doors next generation/6.0.1
- version/ibm rational doors next generation/6.0.2
- canonical/ibm rational engineering lifecycle manager
- version/ibm rational engineering lifecycle manager/4.0.3
- version/ibm rational engineering lifecycle manager/4.0.7
- version/ibm rational engineering lifecycle manager/5.0.0
- version/ibm rational engineering lifecycle manager/5.0.1
- version/ibm rational engineering lifecycle manager/5.0.2
- version/ibm rational engineering lifecycle manager/6.0.0
- version/ibm rational engineering lifecycle manager/6.0.1
- version/ibm rational engineering lifecycle manager/6.0.2
- canonical/ibm rational rhapsody design manager
- version/ibm rational rhapsody design manager/4.0
- version/ibm rational rhapsody design manager/4.0.7
- version/ibm rational rhapsody design manager/5.0.0
- version/ibm rational rhapsody design manager/5.0.1
- version/ibm rational rhapsody design manager/5.0.2
- version/ibm rational rhapsody design manager/6.0.0
- version/ibm rational rhapsody design manager/6.0.1
- version/ibm rational rhapsody design manager/6.0.2
- canonical/ibm rational software architect design manager
- version/ibm rational software architect design manager/4.0.0
- version/ibm rational software architect design manager/4.0.7
- version/ibm rational software architect design manager/5.0.0
- version/ibm rational software architect design manager/5.0.1
- version/ibm rational software architect design manager/5.0.2
- version/ibm rational software architect design manager/6.0.0
- version/ibm rational software architect design manager/6.0.1
- version/ibm rational software architect design manager/6.0.2