IBM RTC Other Vulnerability - CVE-2015-0112 - Vulnerability Database

IBM RTC Other Vulnerability - CVE-2015-0112

Medium
Reference: CVE-2015-0112
Title: IBM RTC Other Vulnerability
Overview:

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4 Rational Quality Manager (RQM) 2.0 through 2.0.1 3.0 through 3.0.1.6 4.0 through 4.0.7 and 5.0 through 5.0.2 Rational Team Concert (RTC) 2.0 through 2.0.0.2 3.x before 3.0.1.6 IF6 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4 Rational Requirements Composer (RRC) 2.0 through 2.0.0.4 3.x before 3.0.1.6 IF6 and 4.0 through 4.0.7 Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4 Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1 4.0.3 through 4.0.7 and 5.0 through 5.0.2 Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1 4.0 through 4.0.7 and 5.0 through 5.0.2 and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference related to an XML External Entity (XXE) issue.