CVE-2017-1239
Description
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Quality Manager (RQM) versions 5.0.x and 6.0 through 6.0.5 leak sensitive information in HTTP 500 error responses, allowing authenticated users to obtain internal data.
Vulnerability
IBM Quality Manager (RQM) versions 5.0.x and 6.0 through 6.0.5 contain an information disclosure vulnerability where HTTP 500 Internal Server Error responses may include sensitive information [1]. The issue occurs when the application returns detailed error messages that expose internal state or data.
Exploitation
An attacker with valid credentials (low-privileged user) can trigger conditions that cause HTTP 500 errors, such as sending malformed requests or accessing resources that lead to server-side exceptions. The attacker does not require user interaction, and the attack is over the network [1].
Impact
Successful exploitation results in the disclosure of sensitive information, potentially including configuration details, internal paths, or other data that could aid further attacks. The confidentiality impact is low, and there is no impact on integrity or availability [1].
Mitigation
IBM has released fixes as part of IBM Rational Quality Manager 6.0.6 (iFix1) and later. Users should upgrade to a fixed version. For versions 5.0.x, upgrade to 6.0.6 or later. The security bulletin [1] provides details on obtaining the fix.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: >=5.0.0 <6.0.6 or >=5.0.0 <=5.0.2
- Range: 6.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.ibm.com/support/docview.wssmitrex_refsource_CONFIRM
- exchange.xforce.ibmcloud.com/vulnerabilities/124357mitrevdb-entryx_refsource_XF
News mentions
0No linked articles in our index yet.