Zero Day Initiative Advisory 10-214 - This vulnerability allows remote attackers to execute code on vulnerable installations of Rational Quality Manager and Rational Test Lab Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the installation of the bundled tomcat server. The default ADMIN account is improperly disabled within 'tomcat-users.xml' An account providing manager role level access is left enabled with a default password. A remote attacker can use this vulnerability to execute arbitrary code under the context of the tomcat server.
5b7e364cefc265db65102910ac3f53f9be8fe8a7647cebb31b28730a58236ce3