CVE-2016-0372: Infoleak
First published: Thu Nov 24 2016(Updated: )
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Team Concert | =3.0.1.6 | |
| IBM Rational Team Concert | =4.0.0 | |
| IBM Rational Team Concert | =4.0.1 | |
| IBM Rational Team Concert | =4.0.2 | |
| IBM Rational Team Concert | =4.0.3 | |
| IBM Rational Team Concert | =4.0.4 | |
| IBM Rational Team Concert | =4.0.5 | |
| IBM Rational Team Concert | =4.0.6 | |
| IBM Rational Team Concert | =4.0.7 | |
| IBM Rational Team Concert | =5.0.0 | |
| IBM Rational Team Concert | =5.0.1 | |
| IBM Rational Team Concert | =5.0.2 | |
| IBM Rational Team Concert | =6.0.0 | |
| IBM Rational Team Concert | =6.0.1 | |
| IBM Rational Team Concert | =6.0.2 | |
| IBM Rational Quality Manager | =3.0.1.6 | |
| IBM Rational Quality Manager | =4.0.0 | |
| IBM Rational Quality Manager | =4.0.1 | |
| IBM Rational Quality Manager | =4.0.2 | |
| IBM Rational Quality Manager | =4.0.3 | |
| IBM Rational Quality Manager | =4.0.4 | |
| IBM Rational Quality Manager | =4.0.5 | |
| IBM Rational Quality Manager | =4.0.6 | |
| IBM Rational Quality Manager | =4.0.7 | |
| IBM Rational Quality Manager | =5.0.0 | |
| IBM Rational Quality Manager | =5.0.1 | |
| IBM Rational Quality Manager | =5.0.2 | |
| IBM Rational Quality Manager | =6.0.0 | |
| IBM Rational Quality Manager | =6.0.1 | |
| IBM Rational Quality Manager | =6.0.2 | |
| IBM Rational Software Architect | =4.0.0 | |
| IBM Rational Software Architect | =4.0.1 | |
| IBM Rational Software Architect | =4.0.2 | |
| IBM Rational Software Architect | =4.0.3 | |
| IBM Rational Software Architect | =4.0.4 | |
| IBM Rational Software Architect | =4.0.5 | |
| IBM Rational Software Architect | =4.0.6 | |
| IBM Rational Software Architect | =4.0.7 | |
| IBM Rational Software Architect | =5.0.0 | |
| IBM Rational Software Architect | =5.0.1 | |
| IBM Rational Software Architect | =5.0.2 | |
| IBM Rational Software Architect | =6.0.0 | |
| IBM Rational Software Architect | =6.0.1 | |
| IBM Rational Software Architect | =6.0.2 | |
| IBM Collaborative Lifecycle Management | =3.0.1.6 | |
| IBM Collaborative Lifecycle Management | =4.0.0 | |
| IBM Collaborative Lifecycle Management | =4.0.1 | |
| IBM Collaborative Lifecycle Management | =4.0.2 | |
| IBM Collaborative Lifecycle Management | =4.0.3 | |
| IBM Collaborative Lifecycle Management | =4.0.4 | |
| IBM Collaborative Lifecycle Management | =4.0.5 | |
| IBM Collaborative Lifecycle Management | =4.0.6 | |
| IBM Collaborative Lifecycle Management | =4.0.7 | |
| IBM Collaborative Lifecycle Management | =5.0.0 | |
| IBM Collaborative Lifecycle Management | =5.0.1 | |
| IBM Collaborative Lifecycle Management | =5.0.2 | |
| IBM Collaborative Lifecycle Management | =6.0.0 | |
| IBM Collaborative Lifecycle Management | =6.0.1 | |
| IBM Collaborative Lifecycle Management | =6.0.2 | |
| IBM Engineering Lifecycle Manager | =4.0.0 | |
| IBM Engineering Lifecycle Manager | =4.0.1 | |
| IBM Engineering Lifecycle Manager | =4.0.2 | |
| IBM Engineering Lifecycle Manager | =4.0.3 | |
| IBM Engineering Lifecycle Manager | =4.0.4 | |
| IBM Engineering Lifecycle Manager | =4.0.5 | |
| IBM Engineering Lifecycle Manager | =4.0.6 | |
| IBM Engineering Lifecycle Manager | =4.0.7 | |
| IBM Engineering Lifecycle Manager | =5.0.0 | |
| IBM Engineering Lifecycle Manager | =5.0.1 | |
| IBM Engineering Lifecycle Manager | =5.0.2 | |
| IBM Engineering Lifecycle Manager | =6.0.0 | |
| IBM Engineering Lifecycle Manager | =6.0.1 | |
| IBM Engineering Lifecycle Manager | =6.0.2 | |
| IBM Rational Rhapsody | =4.0 | |
| IBM Rational Rhapsody | =4.0.1 | |
| IBM Rational Rhapsody | =4.0.2 | |
| IBM Rational Rhapsody | =4.0.3 | |
| IBM Rational Rhapsody | =4.0.4 | |
| IBM Rational Rhapsody | =4.0.5 | |
| IBM Rational Rhapsody | =4.0.6 | |
| IBM Rational Rhapsody | =4.0.7 | |
| IBM Rational Rhapsody | =5.0.0 | |
| IBM Rational Rhapsody | =5.0.1 | |
| IBM Rational Rhapsody | =5.0.2 | |
| IBM Rational Rhapsody | =6.0.0 | |
| IBM Rational Rhapsody | =6.0.1 | |
| IBM Rational Rhapsody | =6.0.2 | |
| IBM Rational DOORS | =4.0.0 | |
| IBM Rational DOORS | =4.0.1 | |
| IBM Rational DOORS | =4.0.2 | |
| IBM Rational DOORS | =4.0.3 | |
| IBM Rational DOORS | =4.0.4 | |
| IBM Rational DOORS | =4.0.5 | |
| IBM Rational DOORS | =4.0.6 | |
| IBM Rational DOORS | =4.0.7 | |
| IBM Rational DOORS | =5.0.0 | |
| IBM Rational DOORS | =5.0.1 | |
| IBM Rational DOORS | =5.0.2 | |
| IBM Rational DOORS | =6.0.0 | |
| IBM Rational DOORS | =6.0.1 | |
| IBM Rational DOORS | =6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-0372?
CVE-2016-0372 has a medium severity rating, indicating a moderate risk associated with the vulnerability.
How do I fix CVE-2016-0372?
The fix for CVE-2016-0372 involves upgrading to the appropriate version of IBM Rational Software products as specified in the vulnerability details.
Which versions are affected by CVE-2016-0372?
CVE-2016-0372 affects multiple versions of IBM Rational Collaborative Lifecycle Management, Rational Quality Manager, and Rational Team Concert prior to specific iFix releases.
What impact does CVE-2016-0372 have on affected IBM products?
CVE-2016-0372 can allow an attacker to exploit certain functionalities of the affected IBM products, potentially leading to unauthorized access.
Is CVE-2016-0372 a widespread vulnerability?
CVE-2016-0372 is not classified as widespread but impacts specific versions of IBM Rational products, making it critical for users with these versions to address it.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rational team concert
- version/ibm rational team concert/3.0.1.6
- version/ibm rational team concert/4.0.0
- version/ibm rational team concert/4.0.1
- version/ibm rational team concert/4.0.2
- version/ibm rational team concert/4.0.3
- version/ibm rational team concert/4.0.4
- version/ibm rational team concert/4.0.5
- version/ibm rational team concert/4.0.6
- version/ibm rational team concert/4.0.7
- version/ibm rational team concert/5.0.0
- version/ibm rational team concert/5.0.1
- version/ibm rational team concert/5.0.2
- version/ibm rational team concert/6.0.0
- version/ibm rational team concert/6.0.1
- version/ibm rational team concert/6.0.2
- canonical/ibm rational quality manager
- version/ibm rational quality manager/3.0.1.6
- version/ibm rational quality manager/4.0.0
- version/ibm rational quality manager/4.0.1
- version/ibm rational quality manager/4.0.2
- version/ibm rational quality manager/4.0.3
- version/ibm rational quality manager/4.0.4
- version/ibm rational quality manager/4.0.5
- version/ibm rational quality manager/4.0.6
- version/ibm rational quality manager/4.0.7
- version/ibm rational quality manager/5.0.0
- version/ibm rational quality manager/5.0.1
- version/ibm rational quality manager/5.0.2
- version/ibm rational quality manager/6.0.0
- version/ibm rational quality manager/6.0.1
- version/ibm rational quality manager/6.0.2
- canonical/ibm rational software architect
- version/ibm rational software architect/4.0.0
- version/ibm rational software architect/4.0.1
- version/ibm rational software architect/4.0.2
- version/ibm rational software architect/4.0.3
- version/ibm rational software architect/4.0.4
- version/ibm rational software architect/4.0.5
- version/ibm rational software architect/4.0.6
- version/ibm rational software architect/4.0.7
- version/ibm rational software architect/5.0.0
- version/ibm rational software architect/5.0.1
- version/ibm rational software architect/5.0.2
- version/ibm rational software architect/6.0.0
- version/ibm rational software architect/6.0.1
- version/ibm rational software architect/6.0.2
- canonical/ibm collaborative lifecycle management
- version/ibm collaborative lifecycle management/3.0.1.6
- version/ibm collaborative lifecycle management/4.0.0
- version/ibm collaborative lifecycle management/4.0.1
- version/ibm collaborative lifecycle management/4.0.2
- version/ibm collaborative lifecycle management/4.0.3
- version/ibm collaborative lifecycle management/4.0.4
- version/ibm collaborative lifecycle management/4.0.5
- version/ibm collaborative lifecycle management/4.0.6
- version/ibm collaborative lifecycle management/4.0.7
- version/ibm collaborative lifecycle management/5.0.0
- version/ibm collaborative lifecycle management/5.0.1
- version/ibm collaborative lifecycle management/5.0.2
- version/ibm collaborative lifecycle management/6.0.0
- version/ibm collaborative lifecycle management/6.0.1
- version/ibm collaborative lifecycle management/6.0.2
- canonical/ibm engineering lifecycle manager
- version/ibm engineering lifecycle manager/4.0.0
- version/ibm engineering lifecycle manager/4.0.1
- version/ibm engineering lifecycle manager/4.0.2
- version/ibm engineering lifecycle manager/4.0.3
- version/ibm engineering lifecycle manager/4.0.4
- version/ibm engineering lifecycle manager/4.0.5
- version/ibm engineering lifecycle manager/4.0.6
- version/ibm engineering lifecycle manager/4.0.7
- version/ibm engineering lifecycle manager/5.0.0
- version/ibm engineering lifecycle manager/5.0.1
- version/ibm engineering lifecycle manager/5.0.2
- version/ibm engineering lifecycle manager/6.0.0
- version/ibm engineering lifecycle manager/6.0.1
- version/ibm engineering lifecycle manager/6.0.2
- canonical/ibm rational rhapsody
- version/ibm rational rhapsody/4.0
- version/ibm rational rhapsody/4.0.1
- version/ibm rational rhapsody/4.0.2
- version/ibm rational rhapsody/4.0.3
- version/ibm rational rhapsody/4.0.4
- version/ibm rational rhapsody/4.0.5
- version/ibm rational rhapsody/4.0.6
- version/ibm rational rhapsody/4.0.7
- version/ibm rational rhapsody/5.0.0
- version/ibm rational rhapsody/5.0.1
- version/ibm rational rhapsody/5.0.2
- version/ibm rational rhapsody/6.0.0
- version/ibm rational rhapsody/6.0.1
- version/ibm rational rhapsody/6.0.2
- canonical/ibm rational doors
- version/ibm rational doors/4.0.0
- version/ibm rational doors/4.0.1
- version/ibm rational doors/4.0.2
- version/ibm rational doors/4.0.3
- version/ibm rational doors/4.0.4
- version/ibm rational doors/4.0.5
- version/ibm rational doors/4.0.6
- version/ibm rational doors/4.0.7
- version/ibm rational doors/5.0.0
- version/ibm rational doors/5.0.1
- version/ibm rational doors/5.0.2
- version/ibm rational doors/6.0.0
- version/ibm rational doors/6.0.1
- version/ibm rational doors/6.0.2