阿里云漏洞库

漏洞描述

基于IBM Jazz的应用程序(IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 和6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 和6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 和 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 和 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02和6.0 through 6.0.6)可以允许经过身份验证的用户从错误消息中获取敏感信息，该错误消息可用于对系统的进一步攻击。 IBM X-Force ID：143796。

解决建议

目前厂商已发布升级补丁以修复漏洞，补丁获取链接:
http://www.ibm.com/support/docview.wss?uid=ibm10738301

参考链接
http://www.ibm.com/support/docview.wss?uid=ibm10738301
https://exchange.xforce.ibmcloud.com/vulnerabilities/143796

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	ibm	rational_collaborative_lifecycle_management	*	From (including) 5.0.0	Up to (including) 6.0.6
	运行在以下环境
	应用	ibm	rational_doors_next_generation	*	From (including) 5.0.0	Up to (including) 5.0.2
	运行在以下环境
	应用	ibm	rational_doors_next_generation	*	From (including) 6.0.0	Up to (including) 6.0.6
	运行在以下环境
	应用	ibm	rational_engineering_lifecycle_manager	*	From (including) 5.0.0	Up to (including) 5.0.2
	运行在以下环境
	应用	ibm	rational_engineering_lifecycle_manager	*	From (including) 6.0.0	Up to (including) 6.0.6
	运行在以下环境
	应用	ibm	rational_quality_manager	*	From (including) 5.0.0	Up to (including) 5.0.2
	运行在以下环境
	应用	ibm	rational_quality_manager	*	From (including) 6.0.0	Up to (including) 6.0.6
	运行在以下环境
	应用	ibm	rational_rhapsody_design_manager	*	From (including) 5.0.0	Up to (including) 5.0.2
	运行在以下环境
	应用	ibm	rational_rhapsody_design_manager	*	From (including) 6.0.0	Up to (including) 6.0.6
	运行在以下环境
	应用	ibm	rational_software_architect_design_manager	*	From (including) 5.0.0	Up to (including) 5.0.2
	运行在以下环境
	应用	ibm	rational_software_architect_design_manager	*	From (including) 6.0.0	Up to (including) 6.0.1
	运行在以下环境
	应用	ibm	rational_team_concert	*	From (including) 5.0.0	Up to (including) 5.0.2
	运行在以下环境
	应用	ibm	rational_team_concert	*	From (including) 6.0.0	Up to (including) 6.0.6
	运行在以下环境
	系统	amazon_2	elfutils	*		Up to (excluding) 0.176-2.amzn2
	运行在以下环境
	系统	fedora_27	chromium	*		Up to (excluding) 69.0.3497.92-1.fc27
	运行在以下环境
	系统	fedora_28	chromium	*		Up to (excluding) 69.0.3497.92-1.fc28
	运行在以下环境
	系统	fedora_29	chromium	*		Up to (excluding) 69.0.3497.100-1.fc29
	运行在以下环境
	系统	fedora_EPEL_7	chromium	*		Up to (excluding) 71.0.3578.98-2.el7
	运行在以下环境
	系统	opensuse_5.2	libdw1	*		Up to (excluding) 0.177-150300.11.3.1
	运行在以下环境
	系统	opensuse_Leap_15.0	libre2	*		Up to (excluding) 0-20180901-lp150.7.3.1
	运行在以下环境
	系统	opensuse_Leap_15.1	libdw1	*		Up to (excluding) 0.168-lp151.4.3.1
	运行在以下环境
	系统	opensuse_Leap_15.3	libdw1	*		Up to (excluding) 0.177-150300.11.3.1
	运行在以下环境
	系统	opensuse_Leap_42.3		*		Up to (excluding) 0-20180901-18.1
	运行在以下环境
	系统	oracle_7	elfutils	*		Up to (excluding) 0.176-2.el7
	运行在以下环境
	系统	suse_12_SP3	libdw1	*		Up to (excluding) 0.158-7.7.2
	运行在以下环境
	系统	suse_12_SP4	libdw1	*		Up to (excluding) 0.158-7.7.2

攻击路径

网络
攻击复杂度

低
权限要求

低
影响范围

未更改
用户交互

无
可用性

无
保密性

低
完整性

无

CWE-ID	漏洞类型
CWE-200	信息暴露

信息泄露漏洞

漏洞描述

解决建议

参考链接

受影响软件情况