Arbitrary OS Command Execution in IBM Rational Quality Manager and Rational Collaborative Lifecycle Management

Arbitrary OS Command Execution in IBM Rational Quality Manager and Rational Collaborative Lifecycle Management

CVE-2016-0326 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."

Learn more about our Code Quality Review.