CVE-2019-4252

Summary

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.

Affected Software

VendorProductVersion RangeStatus
IBMRational Collaborative Lifecycle Management6.0affected
IBMRational Collaborative Lifecycle Management6.0.1affected
IBMRational Collaborative Lifecycle Management6.0.2affected
IBMRational Collaborative Lifecycle Management6.0.3affected
IBMRational Collaborative Lifecycle Management6.0.4affected
IBMRational Collaborative Lifecycle Management6.0.5affected
IBMRational Collaborative Lifecycle Management6.0.6affected
IBMRational Collaborative Lifecycle Management6.0.6.1affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References