Description

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request.

Remediation

References

CVE-2015-0113

Related Vulnerabilities

WordPress Plugin Flexible Custom Post Type Cross-Site Scripting (0.1.5)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-24814)

PHP Improper Input Validation Vulnerability (CVE-2004-1019)

WordPress Plugin FavIcon Switcher Cross-Site Request Forgery (1.2.11)

ProjectSend Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-40886)

Severity

Medium

Classification

CVE-2015-0113 CWE-200

Tags

Missing Update Known Vulnerabilities