Ibm: >> Rational Quality Manager >> 6.0.0 Security Vulnerabilities
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."
CVSS Score
8.8
EPSS Score
0.009
Published
2016-10-22
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.
CVSS Score
5.0
EPSS Score
0.842
Published
2010-10-26
Page 11