Details of VAR-201711-0485

ID

VAR-201711-0485

CVE

CVE-2017-1570

TITLE

IBM Jazz Foundation Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-010847

DESCRIPTION

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. Vendors have confirmed this vulnerability IBM X-Force ID: 131852 It is released as.Information may be obtained. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. IBM Jazz Team Server affects the following IBM Rational products: Collaborative Lifecycle Management (CLM) Rational DOORS Next Generation (RDNG) Rational Engineering Lifecycle Manager (RELM) Rational Team Concert (RTC) Rational Quality Manager (RQM) Rational Rhapsody Design Manager (Rhapsody DM) Rational Software Architect (RSA DM)

Trust: 1.89

sources: NVD: CVE-2017-1570 // JVNDB: JVNDB-2017-010847 // BID: 102020

AFFECTED PRODUCTS

vendor:	ibm	model:	rational team concert	scope:	eq	version:	4.0.3	Trust: 1.9
vendor:	ibm	model:	rational team concert	scope:	eq	version:	4.0.2	Trust: 1.9
vendor:	ibm	model:	rational team concert	scope:	eq	version:	4.0.1	Trust: 1.9
vendor:	ibm	model:	rational team concert	scope:	eq	version:	4.0.0.2	Trust: 1.9
vendor:	ibm	model:	rational team concert	scope:	eq	version:	4.0.0.1	Trust: 1.9
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	6.0.1	Trust: 1.6
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	6.0.2	Trust: 1.6
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	6.0	Trust: 1.6
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	6.0.4	Trust: 1.6
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	6.0.3	Trust: 1.6
vendor:	ibm	model:	rational team concert	scope:	eq	version:	6.0.4	Trust: 1.3
vendor:	ibm	model:	rational team concert	scope:	eq	version:	6.0.3	Trust: 1.3
vendor:	ibm	model:	rational team concert	scope:	eq	version:	6.0.2	Trust: 1.3
vendor:	ibm	model:	rational team concert	scope:	eq	version:	6.0.1	Trust: 1.3
vendor:	ibm	model:	rational team concert	scope:	eq	version:	5.0.1	Trust: 1.3
vendor:	ibm	model:	rational team concert	scope:	eq	version:	4.0.5	Trust: 1.3
vendor:	ibm	model:	rational team concert	scope:	eq	version:	4.0.4	Trust: 1.3
vendor:	ibm	model:	rational team concert	scope:	eq	version:	6.0	Trust: 1.3
vendor:	ibm	model:	rational team concert	scope:	eq	version:	5.0.2	Trust: 1.3
vendor:	ibm	model:	rational team concert	scope:	eq	version:	5.0	Trust: 1.3
vendor:	ibm	model:	rational team concert	scope:	eq	version:	4.0.7	Trust: 1.3
vendor:	ibm	model:	rational team concert	scope:	eq	version:	4.0.6	Trust: 1.3
vendor:	ibm	model:	rational team concert	scope:	eq	version:	4.0	Trust: 1.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	6.0.1	Trust: 1.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	5.0.2	Trust: 1.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	5.0.1	Trust: 1.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	4.0.7	Trust: 1.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	4.0.3	Trust: 1.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	4.0.2	Trust: 1.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	4.0.1	Trust: 1.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	6.0	Trust: 1.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	5.0	Trust: 1.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	4.0.6	Trust: 1.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	4.0.5	Trust: 1.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	4.0.4	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	6.0.4	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	6.0.3	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	6.0.2	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	6.0.1	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	5.0.2	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	5.0.1	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	4.0.7	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	4.0.4	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	4.0.3	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	4.0.2	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	4.0.1	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	6.0	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	5.0	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	4.0.6	Trust: 1.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	4.0.5	Trust: 1.3
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	eq	version:	6.0.3	Trust: 1.3
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	eq	version:	6.0.2	Trust: 1.3
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	eq	version:	6.0.1	Trust: 1.3
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	eq	version:	5.0.2	Trust: 1.3
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	eq	version:	5.0.1	Trust: 1.3
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	eq	version:	4.0.5	Trust: 1.3
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	eq	version:	4.0.4	Trust: 1.3
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	eq	version:	4.0.3	Trust: 1.3
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	eq	version:	6.0.4	Trust: 1.3
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	eq	version:	6.0	Trust: 1.3
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	eq	version:	5.0	Trust: 1.3
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	eq	version:	4.0.7	Trust: 1.3
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	eq	version:	4.0.6	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	6.0.4	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	6.0.3	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	6.0.2	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	6.0.1	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	5.0.2	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	5.0.1	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	4.0.7	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	4.0.5	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	4.0.4	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	4.0.3	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	4.0.2	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	4.0.1	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	6.0	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	5.0	Trust: 1.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	4.0.6	Trust: 1.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	6.0.4	Trust: 1.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	6.0.3	Trust: 1.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	6.0.1	Trust: 1.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	5.0.2	Trust: 1.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	5.0.1	Trust: 1.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	4.0.7	Trust: 1.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	6.0	Trust: 1.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	4.0.6	Trust: 1.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	4.0.5	Trust: 1.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	4.0.4	Trust: 1.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	4.0.3	Trust: 1.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	4.0.2	Trust: 1.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	4.0.1	Trust: 1.3
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	4.0.5	Trust: 1.0
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	4.0.0.2	Trust: 1.0
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	4.0.3	Trust: 1.0
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	4.0.4	Trust: 1.0
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	4.0	Trust: 1.0
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	4.0	Trust: 1.0
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	5.0	Trust: 1.0
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	4.0.0.1	Trust: 1.0
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	4.0.7	Trust: 1.0
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	4.0.6	Trust: 1.0
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	5.0.2	Trust: 1.0
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	4.0	Trust: 1.0
vendor:	ibm	model:	rational quality manager	scope:	eq	version:	5.0	Trust: 1.0
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	4.0	Trust: 1.0
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	rational doors next generation	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	rational engineering lifecycle manager	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	rational quality manager	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	rational rhapsody design manager	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	rational software architect design manager	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	rational team concert	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	ibm	model:	rational software architect design manager	scope:	eq	version:	4.0.0	Trust: 0.3
vendor:	ibm	model:	rational rhapsody design manager	scope:	eq	version:	4.0.0	Trust: 0.3
vendor:	ibm	model:	rational doors next generation	scope:	eq	version:	4.0.0	Trust: 0.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	5.0.7	Trust: 0.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	5.0.0	Trust: 0.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	4.0.0.2	Trust: 0.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	4.0.0.1	Trust: 0.3
vendor:	ibm	model:	rational collaborative lifecycle management	scope:	eq	version:	4.0.0	Trust: 0.3
vendor:	ibm	model:	jazz team server	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	rational team concert ifix5	scope:	ne	version:	6.0.4	Trust: 0.3
vendor:	ibm	model:	rational team concert ifix14	scope:	ne	version:	6.0.2	Trust: 0.3
vendor:	ibm	model:	rational team concert ifix24	scope:	ne	version:	5.0.2	Trust: 0.3
vendor:	ibm	model:	rational team concert ifix15	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	ibm	model:	rational software architect design manager ifix5	scope:	ne	version:	6.0.4	Trust: 0.3
vendor:	ibm	model:	rational software architect design manager ifix14	scope:	ne	version:	6.0.2	Trust: 0.3
vendor:	ibm	model:	rational software architect design manager ifix24	scope:	ne	version:	5.0.2	Trust: 0.3
vendor:	ibm	model:	rational software architect design manager ifix15	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	ibm	model:	rational rhapsody design manager ifix5	scope:	ne	version:	6.0.4	Trust: 0.3
vendor:	ibm	model:	rational rhapsody design manager ifix14	scope:	ne	version:	6.0.2	Trust: 0.3
vendor:	ibm	model:	rational rhapsody design manager ifix24	scope:	ne	version:	5.0.2	Trust: 0.3
vendor:	ibm	model:	rational rhapsody design manager ifix15	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	ibm	model:	rational engineering lifecycle manager ifix5	scope:	ne	version:	6.0.4	Trust: 0.3
vendor:	ibm	model:	rational engineering lifecycle manager ifix14	scope:	ne	version:	6.0.2	Trust: 0.3
vendor:	ibm	model:	rational engineering lifecycle manager ifix24	scope:	ne	version:	5.0.2	Trust: 0.3
vendor:	ibm	model:	rational engineering lifecycle manager ifix15	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	ibm	model:	rational doors next generation ifix5	scope:	ne	version:	6.0.4	Trust: 0.3
vendor:	ibm	model:	rational doors next generation ifix14	scope:	ne	version:	6.0.2	Trust: 0.3
vendor:	ibm	model:	rational doors next generation ifix24	scope:	ne	version:	5.0.2	Trust: 0.3
vendor:	ibm	model:	rational doors next generation ifix15	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	ibm	model:	rational collaborative lifecycle management ifix5	scope:	ne	version:	6.0.4	Trust: 0.3
vendor:	ibm	model:	rational collaborative lifecycle management ifix14	scope:	ne	version:	6.0.2	Trust: 0.3
vendor:	ibm	model:	rational collaborative lifecycle management ifix24	scope:	ne	version:	5.0.2	Trust: 0.3
vendor:	ibm	model:	rational collaborative lifecycle management ifix15	scope:	ne	version:	4.0.7	Trust: 0.3

sources: BID: 102020 // JVNDB: JVNDB-2017-010847 // CNNVD: CNNVD-201711-1083 // NVD: CVE-2017-1570

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-1570
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-1570
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201711-1083
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-1570
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2017-1570
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: JVNDB: JVNDB-2017-010847 // CNNVD: CNNVD-201711-1083 // NVD: CVE-2017-1570

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-010847 // NVD: CVE-2017-1570

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1083

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-1083

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010847

PATCH

title:	2010512	url:	http://www-01.ibm.com/support/docview.wss?uid=swg22010512	Trust: 0.8
title:	IBM Rational Collaborative Lifecycle Management Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76757	Trust: 0.6

sources: JVNDB: JVNDB-2017-010847 // CNNVD: CNNVD-201711-1083

EXTERNAL IDS

db:	NVD	id:	CVE-2017-1570	Trust: 2.7
db:	BID	id:	102020	Trust: 1.3
db:	JVNDB	id:	JVNDB-2017-010847	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-1083	Trust: 0.6

sources: BID: 102020 // JVNDB: JVNDB-2017-010847 // CNNVD: CNNVD-201711-1083 // NVD: CVE-2017-1570

REFERENCES

url:	http://www.ibm.com/support/docview.wss?uid=swg22010512	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/131852	Trust: 1.6
url:	http://www.securityfocus.com/bid/102020	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1570	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1570	Trust: 0.8
url:	http://www.ibm.com/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg22010512	Trust: 0.3

sources: BID: 102020 // JVNDB: JVNDB-2017-010847 // CNNVD: CNNVD-201711-1083 // NVD: CVE-2017-1570

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 102020

SOURCES

db:	BID	id:	102020
db:	JVNDB	id:	JVNDB-2017-010847
db:	CNNVD	id:	CNNVD-201711-1083
db:	NVD	id:	CVE-2017-1570

LAST UPDATE DATE

2024-11-23T22:52:19.674000+00:00

SOURCES UPDATE DATE

db:	BID	id:	102020	date:	2017-12-19T22:37:00
db:	JVNDB	id:	JVNDB-2017-010847	date:	2017-12-26T00:00:00
db:	CNNVD	id:	CNNVD-201711-1083	date:	2017-11-28T00:00:00
db:	NVD	id:	CVE-2017-1570	date:	2024-11-21T03:22:06.143

SOURCES RELEASE DATE

db:	BID	id:	102020	date:	2017-11-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-010847	date:	2017-12-26T00:00:00
db:	CNNVD	id:	CNNVD-201711-1083	date:	2017-11-28T00:00:00
db:	NVD	id:	CVE-2017-1570	date:	2017-11-27T21:29:00.503