Check Point Advisories

IBM Rational Quality Manager and Test Lab Manager Policy Bypass

Vulnerability
Protection

Check Point Reference:	CPAI-2010-402
Date Published:	31 Oct 2010
Severity:	High
Last Updated:	Wednesday 05 December, 2018
Source:
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	IBM Rational Quality Manager and Test Lab Manager enables quality assurance teams to track all aspects of the quality assurance effort. The central artifact in the tool is a dynamic test plan that contains all information pertaining to the quality assurance effort, such as goals, schedules, milestones and exit criteria as well as links to associated test cases, requirements and development work items. A policy bypass vulnerability has been reported in IBM Rational Quality Manager and Test Lab Manager. The flaw exists within the installation of the bundled tomcat server. The default ADMIN account is improperly disabled within 'tomcat-users.xml' An account providing manager role level access is left enabled with a default password. A remote attacker can use this vulnerability to execute arbitrary code under the context of the tomcat server by sending a crafted HTTP request using a set of default credentials.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the IBM Rational Quality Manager and Test Lab Manager Policy Bypass protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: IBM Protection Violation.
Attack Information: IBM Rational Quality Manager and Test Lab manager policy bypass