Description
IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945.
CVSS breakdown
CVSS 3.0
- Availability: Low
- Attack Complexity: Low
- Attack Vector: Network
- Confidentiality: High
- Integrity: None
- Privileges Required: Low
- Scope: Unchanged
- User Interaction: None
- E: Unchanged
- RC: Changed
- RL: O
Affected products
- ibm / Rational Engineering Lifecycle Manager 5.0 – 5.0
- ibm / Rational Engineering Lifecycle Manager 6.0 – 6.0
- ibm / Rational Engineering Lifecycle Manager 6.0.1 – 6.0.1
- ibm / Rational Engineering Lifecycle Manager 6.0.2 – 6.0.2
- ibm / Rational Engineering Lifecycle Manager 6.0.3 – 6.0.3
- ibm / Rational Engineering Lifecycle Manager 6.0.4 – 6.0.4
- ibm / Rational Engineering Lifecycle Manager 6.0.5 – 6.0.5
- ibm / Rational Engineering Lifecycle Manager 6.0.6 – 6.0.6
- ibm / Rational Engineering Lifecycle Manager 5.01 – 5.01
- ibm / Rational Engineering Lifecycle Manager 5.02 – 5.02