IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability

Summary
The host is running Tomcat server in IBM Rational Quality Manager/ IBM Rational Test Lab Manager has a default password for the ADMIN account.
Impact
Successful exploitation will allow attackers to execute arbitrary code in the context of an affected application. Impact Level: Application.
Solution
Upgrade to version 7.9.0.3 build 1046 or higher For updates refer to https://www.ibm.com/developerworks/rational/products/testmanager
Insight
The flaw exists within the installation of the bundled Tomcat server. The default ADMIN account is improperly disabled within 'tomcat-users.xml' with default password. A remote attacker can use this vulnerability to execute arbitrary code under the context of the Tomcat server.
Affected
Versions prior to IBM Rational Quality Manager and IBM Test Lab Manager 7.9.0.3 build:1046
References