Sensitive Information Disclosure in IBM Rational Engineering Lifecycle Manager

Sensitive Information Disclosure in IBM Rational Engineering Lifecycle Manager

CVE-2015-7484 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619.

Learn more about our User Device Pen Test.