CVEID: CVE-2018-1639 Description: The Report Builder of Jazz Reporting Service could allow an authenticated user to obtain sensitive information beyond its assigned privileges. CVSS Base Score: 4.3 CVSS Temporal Score: See this link for the current score. CVSS Environmental Score: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) Affected Products and Versions: Jazz Reporting Service 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5 and 6.0.6. Remediation/Fixes: - For Jazz Reporting Service 5.0, 5.0.1, and 5.0.2: Download the interim fix 5.0.2-Rational-CLM-ifix027 or later package from the 5.0.2 iFix release site and follow the instructions inside the package for patch application. - For Jazz Reporting Service 6.0, 6.0.1, and 6.0.2: Download the interim fix 6.0.2-Rational-CLM-ifix018 or later package from the 6.0.2 iFix release site and follow the instructions inside the package for patch application. - For Jazz Reporting Service 6.0.3, 6.0.4, 6.0.5, and 6.0.6: Download the interim fix 6.0.6-Rational-CLM-ifix004 or later package from the 6.0.6 iFix release site and follow the instructions inside the package for patch application. Workarounds and Mitigations: None