CVE-2015-0112
Summary
| CVE | CVE-2015-0112 |
|---|---|
| State | PUBLISHED |
| Assigner | ibm |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-06-07 18:59:03 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
Risk And Classification
Primary CVSS: v2.0 4 from [email protected]
AV:N/AC:L/Au:S/C:P/I:N/A:N
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
SingleConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:S/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Rational Requirements Composer | 2.0 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 2.0.0.1 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 2.0.0.2 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 2.0.0.3 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 2.0.0.4 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 3.0 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 3.0.1 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 3.0.1.1 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 3.0.1.2 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 3.0.1.3 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 3.0.1.4 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 3.0.1.5 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 3.0.1.6 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 3.5 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 4.0 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 4.0.0 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 4.0.0.1 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 4.0.0.2 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 4.0.1 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 4.0.2 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 4.0.3 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 4.0.4 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 4.0.5 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 4.0.6 | All | All | All |
| Application | Ibm | Rational Requirements Composer | 4.0.7 | All | All | All |
| Application | Ibm | Rhapsody Design Manager | 3.0.0 | All | All | All |
| Application | Ibm | Rhapsody Design Manager | 3.0.0.1 | All | All | All |
| Application | Ibm | Rhapsody Design Manager | 3.0.1 | All | All | All |
| Application | Ibm | Rhapsody Design Manager | 4.0.0 | All | All | All |
| Application | Ibm | Rhapsody Design Manager | 4.0.1 | All | All | All |
| Application | Ibm | Rhapsody Design Manager | 4.0.2 | All | All | All |
| Application | Ibm | Rhapsody Design Manager | 4.0.3 | All | All | All |
| Application | Ibm | Rhapsody Design Manager | 4.0.4 | All | All | All |
| Application | Ibm | Rhapsody Design Manager | 4.0.5 | All | All | All |
| Application | Ibm | Rhapsody Design Manager | 4.0.6 | All | All | All |
| Application | Ibm | Rhapsody Design Manager | 4.0.7 | All | All | All |
| Application | Ibm | Rhapsody Design Manager | 5.0 | All | All | All |
| Application | Ibm | Rhapsody Design Manager | 5.0.2 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM Security Bulletin: XXE Vulnerability in IBM Jazz Foundation affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-0112) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.