fkie_cve-2016-0284
Vulnerability from fkie_nvd
Published
2016-11-24 19:59
Modified
2025-04-12 10:46
Summary
The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Impacted products
Vendor Product Version
ibm rational_software_architect_design_manager 4.0.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_software_architect_design_manager 6.0.2
ibm rational_collaborative_lifecycle_management 3.0.1.6
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0.0
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0.0
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_engineering_lifecycle_manager 4.0.0
ibm rational_engineering_lifecycle_manager 4.0.1
ibm rational_engineering_lifecycle_manager 4.0.2
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "543CFD7E-E204-436E-A88E-212A368F7AB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA0B68-62BE-45B5-A359-1F922BEA587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2500F56F-C615-4836-9F6E-44985F898E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC4C9D2-6799-44B5-AEF4-47DD3CC012FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F32526-C148-4FCE-B32B-88A8F2BB3A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF24F7E-C48D-42CE-98AD-71F042014B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4377F30-6FDD-4232-92A4-62832E08A934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B494B8-27DC-4FA4-BB86-1FEF51A2FA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5419531-869F-4389-AF72-18F6E0DF3CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EEA77B-8151-407C-A840-6E2334FF962B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B3E2B-B33D-4FB4-A8CF-0D3C781B371E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2214FC95-71C7-4EB5-B924-9626D663E8FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
    },
    {
      "lang": "es",
      "value": "El int\u00e9rprete XML en IBM Rational Collaborative Lifecycle Management 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Team Concert 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5 permite a usuarios remotos autenticados leer archivos arbitrarios o provocar una denegaci\u00f3n de servicio a trav\u00e9s de un documento XML que contenga una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia de entidad, relacionado con un problema XML External Entity (XXE)."
    }
  ],
  "id": "CVE-2016-0284",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-24T19:59:04.753",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/94555"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94555"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…