Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for attacks by displaying improper handling of errors (CVE-2016-9748)

Summary

An undisclosed security vulnerability of Rational DOORS Next Generation may result in an attack by revealing implementations details, internal error messages, database dumps or error codes.

Vulnerability Details

CVEID: CVE-2016-9748**
DESCRIPTION:** IBM RM discloses sensitive information in error response messages that could be used for further attacks against the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120205 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Rational DOORS Next Generation 6.0-6.0.2

Rational DOORS Next Generation 5.0-5.0.2

Rational Requirements Composer 4.0.7

Remediation/Fixes

For 6.0-6.0.2, upgrade to version 6.0.2 iFix006 or later

• Rational DOORS Next Generation 6.0.2 iFix006
  For 5.0-5.0.2, upgrade to version 5.0.2 iFix019 or later
• Rational DOORS Next Generation 5.0.2 iFix019
  For 4.0.7, upgrade to version 4.0.7 iFix012 or later
• Rational DOORS Next Generation 4.0.7 iFix012

Workarounds and Mitigations

None