Description
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.
CVSS breakdown
CVSS 3.0
- Availability: None
- Attack Complexity: Low
- Scope: Unchanged
- Integrity: None
- Confidentiality: High
- Privileges Required: Low
- Attack Vector: Network
- User Interaction: None
- RC: Changed
- E: Unchanged
- RL: O
Affected products
- ibm / Rational Collaborative Lifecycle Management 6.0 – 6.0
- ibm / Rational Collaborative Lifecycle Management 6.0.1 – 6.0.1
- ibm / Rational Collaborative Lifecycle Management 6.0.2 – 6.0.2
- ibm / Rational Collaborative Lifecycle Management 6.0.3 – 6.0.3
- ibm / Rational Collaborative Lifecycle Management 6.0.4 – 6.0.4
- ibm / Rational Collaborative Lifecycle Management 6.0.5 – 6.0.5
- ibm / Rational Collaborative Lifecycle Management 6.0.6 – 6.0.6
- ibm / Rational Collaborative Lifecycle Management 6.0.6.1 – 6.0.6.1