All the vulnerabilities related to IBM - Engineering Test Management
cve-2020-4920
Vulnerability from cvelistv5
Published
2021-04-12 18:00
Modified
2024-09-16 18:49
Summary
IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6441803 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/191396 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.189Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6441803" }, { "name": "ibm-engineering-cve20204920-xss (191396)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191396" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": 
"7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.0.2" } ] } ], "datePublic": "2021-04-09T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 6.1, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/C:L/I:L/PR:L/S:C/AC:L/AV:N/UI:N/RL:O/E:H/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-12T18:00:22", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6441803" }, { "name": "ibm-engineering-cve20204920-xss (191396)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191396" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-04-09T00:00:00", "ID": "CVE-2020-4920", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": 
[ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "6.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "N" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6441803", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6441803 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6441803" }, { "name": "ibm-engineering-cve20204920-xss (191396)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191396" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4920", "datePublished": "2021-04-12T18:00:23.065458Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T18:49:15.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4544
Vulnerability from cvelistv5
Published
2021-01-08 20:40
Modified
2024-09-17 00:41
Summary
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6398742 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/183189 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.001Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204544-info-disc (183189)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", 
"versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.0.2" } ] }, { "product": "Rational Rhapsody Design Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] } ], "datePublic": "2021-01-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/S:U/PR:L/AV:N/I:N/AC:L/UI:N/C:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-08T20:40:23", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204544-info-disc (183189)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-07T00:00:00", "ID": "CVE-2020-4544", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" } ] } }, { "product_name": "Rational Engineering Lifecycle 
Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "6.0.2" } ] } }, { "product_name": "Rational Rhapsody Design Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6398742", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)", "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204544-info-disc (183189)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4544", "datePublished": "2021-01-08T20:40:23.147853Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T00:41:58.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4977
Vulnerability from cvelistv5
Published
2021-06-02 20:40
Modified
2024-09-16 20:47
Summary
IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192470.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6457739 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/192470 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:22:07.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve20204977-xss (192470)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192470" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", 
"versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], "datePublic": "2021-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192470." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:L/AV:N/I:L/A:N/UI:R/AC:L/S:C/C:L/RL:O/E:H/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T20:40:38", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve20204977-xss (192470)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192470" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-01T00:00:00", "ID": "CVE-2020-4977", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": 
"6.0.6.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192470." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457739", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457739 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve20204977-xss (192470)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192470" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4977", "datePublished": "2021-06-02T20:40:38.393153Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:47:42.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4697
Vulnerability from cvelistv5
Published
2021-01-08 20:40
Modified
2024-09-17 03:34
Severity ?
EPSS score ?
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6398742 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/186790 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:57.519Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204697-xss (186790)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Rhapsody Design Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.0.2" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": 
"affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] } ], "datePublic": "2021-01-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/I:L/C:L/AC:L/UI:R/A:N/S:C/PR:L/RC:C/E:H/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-08T20:40:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204697-xss (186790)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-07T00:00:00", "ID": "CVE-2020-4697", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Rhapsody Design Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "6.0.2" } ] } }, { "product_name": "Rational DOORS Next 
Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6398742", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)", "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204697-xss (186790)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4697", "datePublished": "2021-01-08T20:40:24.603243Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:34:13.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4547
Vulnerability from cvelistv5
Published
2021-01-27 16:15
Modified
2024-09-17 03:18
Severity 5.4 (Medium): CVSS v3.0 base score from the CNA metrics in the record below; temporal score 4.7
Summary
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim (clickjacking). By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6408694 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/183315 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.970Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-jazz-cve20204547-clickjacking (183315)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "6.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" } ] }, { "product": "Rational Rhapsody Design Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", 
"version": "6.0.6.1" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] } ], "datePublic": "2021-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/S:C/A:N/UI:R/AC:L/I:L/C:L/PR:L/AV:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-27T16:15:26", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-jazz-cve20204547-clickjacking (183315)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/183315" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-26T00:00:00", "ID": "CVE-2020-4547", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "7.0" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "6.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" } ] } }, { "product_name": "Rational Rhapsody Design Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": 
"MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6408694", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-jazz-cve20204547-clickjacking (183315)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4547", "datePublished": "2021-01-27T16:15:26.519672Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:18:48.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20340
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-16 19:35
Severity 5.4 (Medium): CVSS v3.0 base score from the CNA metrics in the record below; temporal score 5.2
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6417585 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/194451 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:23.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve202120340-xss (194451)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194451" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] } ], 
"datePublic": "2021-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/S:C/PR:L/AC:L/AV:N/C:L/I:L/UI:R/RC:C/E:H/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-04T19:05:43", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve202120340-xss (194451)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194451" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-02-26T00:00:00", "ID": "CVE-2021-20340", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle 
Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6417585", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6417585 (Rational Team Concert)", "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve202120340-xss (194451)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194451" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20340", "datePublished": "2021-03-04T19:05:43.218269Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T19:35:33.537Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-5004
Vulnerability from cvelistv5
Published
2021-07-28 12:25
Modified
2024-09-16 17:44
Severity 5.4 (Medium): CVSS v3.0 base score from the CNA metrics in the record below; temporal score 5.2
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6475919 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/192957 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:22:08.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6475919" }, { "name": "ibm-jazz-cve20205004-xss (192957)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": 
"affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], "datePublic": "2021-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:L/AV:N/A:N/UI:R/C:L/AC:L/S:C/I:L/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-28T12:25:12", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6475919" }, { "name": "ibm-jazz-cve20205004-xss (192957)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-07-27T00:00:00", "ID": "CVE-2020-5004", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { 
"product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6475919", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)", "url": "https://www.ibm.com/support/pages/node/6475919" }, { "name": "ibm-jazz-cve20205004-xss (192957)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-5004", "datePublished": "2021-07-28T12:25:13.063011Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T17:44:16.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20343
Vulnerability from cvelistv5
Published
2021-06-02 20:40
Modified
2024-09-16 20:03
Severity 5.4 (Medium): CVSS v3.0 base score from the CNA metrics in the record below; temporal score 4.7
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6457739 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/194593 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:23.719Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120343-ssrf (194593)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194593" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" 
}, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], "datePublic": "2021-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/C:L/PR:L/AV:N/I:L/A:N/AC:L/UI:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T20:40:40", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120343-ssrf (194593)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194593" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-01T00:00:00", "ID": "CVE-2021-20343", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational 
Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457739", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457739 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120343-ssrf (194593)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194593" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20343", "datePublished": "2021-06-02T20:40:40.575380Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T20:03:07.384Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4975
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-16 21:07
Severity 5.4 (Medium): CVSS v3.0 base score from the CNA metrics in the record below; temporal score 5.2
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6417585 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/192435 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.260Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-jazz-cve20204975-xss (192435)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192435" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], "datePublic": 
"2021-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:L/S:C/A:N/AC:L/AV:N/UI:R/I:L/C:L/RL:O/E:H/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-04T19:05:42", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-jazz-cve20204975-xss (192435)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192435" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-02-26T00:00:00", "ID": "CVE-2020-4975", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" 
} ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6417585", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6417585 (Rational Team Concert)", "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-jazz-cve20204975-xss (192435)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192435" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4975", "datePublished": "2021-03-04T19:05:42.516646Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T21:07:17.435Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4691
Vulnerability from cvelistv5
Published
2021-01-08 20:40
Modified
2024-09-17 01:26
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6398742 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/186698 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:57.816Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204691-xss (186698)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Rhapsody Design Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.0.2" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" } ] }, { 
"product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] } ], "datePublic": "2021-01-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/I:L/C:L/AC:L/UI:R/A:N/S:U/PR:L/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-08T20:40:23", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204691-xss (186698)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-07T00:00:00", "ID": "CVE-2020-4691", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Rhapsody Design Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "6.0.2" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering 
Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6398742", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)", "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204691-xss (186698)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4691", "datePublished": "2021-01-08T20:40:23.887295Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T01:26:13.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20346
Vulnerability from cvelistv5
Published
2021-06-02 20:40
Modified
2024-09-16 16:12
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6457739 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/194595 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:23.810Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120346-ssrf (194595)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194595" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Engineering 
Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" } ] } ], "datePublic": "2021-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:L/S:U/UI:N/A:N/AC:L/I:L/AV:N/PR:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T20:40:41", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120346-ssrf (194595)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194595" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-01T00:00:00", "ID": "CVE-2021-20346", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { 
"product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457739", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457739 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120346-ssrf (194595)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194595" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20346", "datePublished": "2021-06-02T20:40:41.976873Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T16:12:46.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20347
Vulnerability from cvelistv5
Published
2021-06-02 20:40
Modified
2024-09-16 22:36
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6457739 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/194596 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:24.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120347-ssrf (194596)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194596" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Engineering 
Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" } ] } ], "datePublic": "2021-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:L/S:U/AC:L/A:N/UI:N/I:L/AV:N/PR:L/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T20:40:42", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120347-ssrf (194596)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194596" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-01T00:00:00", "ID": "CVE-2021-20347", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { 
"version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457739", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457739 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120347-ssrf (194596)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194596" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20347", "datePublished": "2021-06-02T20:40:42.715216Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T22:36:24.826Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20357
Vulnerability from cvelistv5
Published
2021-01-27 16:15
Modified
2024-09-16 22:41
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6408694 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/194963 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:24.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-gcm-cve202120357-xss (194963)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" } ] }, { "product": "Rational Rhapsody Design Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" } ] }, { "product": "Rational Rhapsody Model Manager", 
"vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "6.0.2" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" } ] } ], "datePublic": "2021-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:L/C:L/AV:N/AC:L/S:C/A:N/UI:R/I:L/RL:O/RC:C/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-27T16:15:28", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-gcm-cve202120357-xss (194963)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963" } ], "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-26T00:00:00", "ID": "CVE-2021-20357", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" } ] } }, { "product_name": "Rational Rhapsody Design Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "6.0.2" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "7.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": 
[ { "lang": "eng", "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6408694", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-gcm-cve202120357-xss (194963)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20357", "datePublished": "2021-01-27T16:15:28.467865Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T22:41:31.988Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20371
Vulnerability from cvelistv5
Published
2021-06-02 20:40
Modified
2024-09-16 23:06
Severity: 4.3 MEDIUM (CVSS v3.0 base score, from the CNA metrics in the record below; temporal score 3.8 LOW)
Summary
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6457739 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/195516 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:24.118Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120371-info-disc (195516)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195516" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": 
"Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" } ] } ], "datePublic": "2021-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/AV:N/I:N/UI:N/A:N/AC:L/S:U/C:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T20:40:44", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120371-info-disc (195516)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195516" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-01T00:00:00", "ID": "CVE-2021-20371", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": 
"Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457739", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457739 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120371-info-disc (195516)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195516" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20371", "datePublished": "2021-06-02T20:40:44.116913Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T23:06:28.698Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4495
Vulnerability from cvelistv5
Published
2021-06-02 20:40
Modified
2024-09-16 17:27
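Severity: 8.8 HIGH (CVSS v3.0 base score, from the CNA metrics in the record below; temporal score 7.7 HIGH; low privileges required, no user interaction)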
Summary
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6457739 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/182114 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-rhapsody-cve20204495-sec-bypass (182114)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182114" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": 
"6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], "datePublic": "2021-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.7, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/PR:L/I:H/AC:L/A:H/UI:N/S:U/C:H/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Bypass Security", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T20:40:36", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-rhapsody-cve20204495-sec-bypass (182114)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182114" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-01T00:00:00", "ID": "CVE-2020-4495", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Engineering Test Management", "version": { "version_data": [ { 
"version_value": "7.0.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "H", "I": "H", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Bypass Security" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457739", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457739 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-rhapsody-cve20204495-sec-bypass (182114)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182114" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4495", "datePublished": "2021-06-02T20:40:37.009991Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T17:27:38.760Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4866
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-17 02:52
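Severity: 5.4 MEDIUM (CVSS v3.0 base score, from the CNA metrics in the record below; temporal score 4.7 MEDIUM)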
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6417585 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/190742 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:58.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve20204866-xss (190742)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190742" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], 
"datePublic": "2021-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/A:N/S:C/PR:L/C:L/I:L/UI:R/AV:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-04T19:05:41", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve20204866-xss (190742)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190742" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-02-26T00:00:00", "ID": "CVE-2020-4866", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { 
"version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6417585", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6417585 (Rational Team Concert)", "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve20204866-xss (190742)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190742" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4866", "datePublished": "2021-03-04T19:05:41.813875Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T02:52:06.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4524
Vulnerability from cvelistv5
Published
2021-01-27 16:15
Modified
2024-09-16 19:09
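Severity: 5.4 MEDIUM (CVSS v3.0 base score, from the CNA metrics in the record below; temporal score 5.2 MEDIUM)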
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6408694 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/182434 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.025Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-jazz-cve20204524-xss (182434)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" } ] }, { "product": "Rational Rhapsody Design Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" } ] }, { "product": "Rational Engineering Lifecycle Manager", 
"vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "6.0.2" } ] } ], "datePublic": "2021-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:L/C:L/AV:N/AC:L/A:N/UI:R/S:C/I:L/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-27T16:15:25", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-jazz-cve20204524-xss (182434)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434" } ], "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-26T00:00:00", "ID": "CVE-2020-4524", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" } ] } }, { "product_name": "Rational Rhapsody Design Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "7.0" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "6.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": 
[ { "lang": "eng", "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6408694", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-jazz-cve20204524-xss (182434)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4524", "datePublished": "2021-01-27T16:15:25.871778Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T19:09:56.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4733
Vulnerability from cvelistv5
Published
2021-01-08 20:40
Modified
2024-09-17 00:25
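Severity
5.4 Medium (CVSS 3.0 base score from the CNA metrics in the record below; temporal score 5.2). Network attack vector, low attack complexity, low privileges required, user interaction required, scope changed.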
EPSS score ?
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6398742 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/188127 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.102Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204733-xss (188127)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, 
{ "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.0.2" } ] }, { "product": "Rational Rhapsody Design Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] } ], "datePublic": "2021-01-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:L/A:N/S:C/AC:L/UI:R/C:L/I:L/AV:N/RL:O/RC:C/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-08T20:40:25", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204733-xss (188127)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-07T00:00:00", "ID": "CVE-2020-4733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": 
"7.0.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "6.0.2" } ] } }, { "product_name": "Rational Rhapsody Design Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6398742", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)", "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204733-xss (188127)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4733", "datePublished": "2021-01-08T20:40:25.291517Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T00:25:50.346Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20338
Vulnerability from cvelistv5
Published
2021-06-02 20:40
Modified
2024-09-16 16:27
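Severity
5.4 Medium (CVSS 3.0 base score from the CNA metrics in the record below; temporal score 5.2). Network attack vector, low attack complexity, low privileges required, user interaction required, scope changed.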
EPSS score ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194449.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6457739 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/194449 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:23.870Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve202120338-xss (194449)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194449" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": 
"6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], "datePublic": "2021-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194449." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/PR:L/I:L/A:N/AC:L/UI:R/S:C/C:L/RL:O/E:H/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T20:40:39", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve202120338-xss (194449)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194449" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-01T00:00:00", "ID": "CVE-2021-20338", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" } 
] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194449." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457739", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457739 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve202120338-xss (194449)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194449" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20338", "datePublished": "2021-06-02T20:40:39.803137Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T16:27:29.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4974
Vulnerability from cvelistv5
Published
2021-07-28 12:25
Modified
2024-09-17 01:41
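Severity
6.3 Medium (CVSS 3.0 base score from the CNA metrics in the record below; temporal score 5.5). Network attack vector, low attack complexity, low privileges required, no user interaction, scope unchanged; low confidentiality, integrity and availability impact.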
EPSS score ?
Summary
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6475919 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/192434 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6475919" }, { "name": "ibm-jazz-cve20204974-ssrf (192434)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": 
"affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] } ], "datePublic": "2021-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:L/UI:N/C:L/AV:N/PR:L/I:L/AC:L/S:U/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-28T12:25:11", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6475919" }, { "name": "ibm-jazz-cve20204974-ssrf (192434)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-07-27T00:00:00", "ID": "CVE-2020-4974", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Engineering 
Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6475919", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)", "url": "https://www.ibm.com/support/pages/node/6475919" }, { "name": "ibm-jazz-cve20204974-ssrf (192434)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4974", "datePublished": "2021-07-28T12:25:11.431091Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T01:41:02.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4964
Vulnerability from cvelistv5
Published
2021-04-12 18:00
Modified
2024-09-16 19:09
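Severity
4.3 Medium (CVSS 3.0 base score from the CNA metrics in the record below; temporal score 3.8, Low). Network attack vector, low attack complexity, low privileges required, no user interaction, scope unchanged; low integrity impact only.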
EPSS score ?
Summary
IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6441803 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/192419 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.274Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6441803" }, { "name": "ibm-jazz-cve20204964-phishing (192419)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192419" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": 
"7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] } ], "datePublic": "2021-04-09T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:L/C:N/A:N/UI:N/S:U/AV:N/AC:L/PR:L/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-12T18:00:23", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6441803" }, { "name": "ibm-jazz-cve20204964-phishing (192419)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192419" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-04-09T00:00:00", "ID": "CVE-2020-4964", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "6.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { 
"version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6441803", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6441803 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6441803" }, { "name": "ibm-jazz-cve20204964-phishing (192419)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192419" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4964", "datePublished": "2021-04-12T18:00:23.918366Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T19:09:59.439Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4856
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-16 19:40
Severity: 6.4 MEDIUM (CVSS 3.0 base score, from the CNA metrics in the record below)
EPSS score ?
Summary
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6417585 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/190459 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.021Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve20204856-xss (190459)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190459" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], 
"datePublic": "2021-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 6.1, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/A:N/S:C/AC:L/AV:N/UI:N/C:L/I:L/RL:O/E:H/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-04T19:05:39", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve20204856-xss (190459)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190459" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-02-26T00:00:00", "ID": "CVE-2020-4856", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { 
"version_value": "7.0.2" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "N" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6417585", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6417585 (Rational Team Concert)", "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve20204856-xss (190459)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190459" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4856", "datePublished": "2021-03-04T19:05:39.571133Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T19:40:54.180Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20345
Vulnerability from cvelistv5
Published
2021-06-02 20:40
Modified
2024-09-16 22:51
Severity: 5.4 MEDIUM (CVSS 3.0 base score, from the CNA metrics in the record below)
EPSS score ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6457739 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/194594 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:23.691Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120345-ssrf (194594)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194594" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", 
"versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], "datePublic": "2021-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/AV:N/I:L/UI:N/A:N/AC:L/S:U/C:L/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T20:40:41", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120345-ssrf (194594)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194594" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-01T00:00:00", "ID": "CVE-2021-20345", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": 
"7.0" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457739", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457739 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120345-ssrf (194594)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194594" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20345", "datePublished": "2021-06-02T20:40:41.294392Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T22:51:25.085Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20519
Vulnerability from cvelistv5
Published
2021-04-12 18:00
Modified
2024-09-16 22:24
Severity: 5.4 MEDIUM (CVSS 3.0 base score, from the CNA metrics in the record below)
EPSS score ?
Summary
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6441803 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/198441 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:44.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6441803" }, { "name": "ibm-engineering-cve202120519-xss (198441)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198441" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": 
"7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.0.2" } ] } ], "datePublic": "2021-04-09T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/I:L/C:L/A:N/AC:L/S:C/AV:N/UI:R/PR:L/E:H/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-12T18:00:25", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6441803" }, { "name": "ibm-engineering-cve202120519-xss (198441)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198441" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-04-09T00:00:00", "ID": "CVE-2021-20519", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { 
"version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "6.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6441803", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6441803 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6441803" }, { "name": "ibm-engineering-cve202120519-xss (198441)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198441" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20519", "datePublished": "2021-04-12T18:00:25.456334Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T22:24:46.849Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20348
Vulnerability from cvelistv5
Published
2021-06-02 20:40
Modified
2024-09-16 20:43
Severity: 5.4 MEDIUM (CVSS 3.0 base score, from the CNA metrics in the record below)
EPSS score ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194597.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6457739 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/194597 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:23.716Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120348-ssrf (194597)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194597" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", 
"versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], "datePublic": "2021-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 194597." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/UI:N/I:L/PR:L/AV:N/C:L/S:U/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T20:40:43", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120348-ssrf (194597)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194597" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-01T00:00:00", "ID": "CVE-2021-20348", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": 
"7.0" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 194597." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457739", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457739 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-jazz-cve202120348-ssrf (194597)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194597" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20348", "datePublished": "2021-06-02T20:40:43.390611Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T20:43:23.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29670
Vulnerability from cvelistv5
Published
2021-06-02 20:40
Modified
2024-09-16 20:36
Severity: 5.4 MEDIUM (CVSS 3.0 base score, from the CNA metrics in the record below)
EPSS score ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199408.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6457739 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/199408 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:11:06.281Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve202129670-xss (199408)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199408" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": 
"6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], "datePublic": "2021-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199408." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AC:L/UI:R/I:L/PR:L/AV:N/C:L/S:C/E:H/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T20:40:45", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve202129670-xss (199408)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199408" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-01T00:00:00", "ID": "CVE-2021-29670", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" } 
] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199408." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457739", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457739 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve202129670-xss (199408)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199408" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29670", "datePublished": "2021-06-02T20:40:45.538245Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T20:36:39.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-5030
Vulnerability from cvelistv5
Published
2021-06-02 20:40
Modified
2024-09-17 02:15
Severity: 5.4 Medium (CVSS v3.0 base score, per the CNA metrics in the record below)
EPSS score ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6457739 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/193737 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:22:09.064Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve20205030-xss (193737)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193737" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", 
"versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], "datePublic": "2021-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/C:L/S:C/A:N/AC:L/UI:R/I:L/PR:L/AV:N/RC:C/E:H/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T20:40:39", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve20205030-xss (193737)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193737" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-01T00:00:00", "ID": "CVE-2020-5030", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": 
"6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457739", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457739 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve20205030-xss (193737)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193737" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-5030", "datePublished": "2021-06-02T20:40:39.111512Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T02:15:54.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38934
Vulnerability from cvelistv5
Published
2022-08-29 21:10
Modified
2024-09-16 23:51
Severity: 5.4 Medium (CVSS v3.0 base score, per the CNA metrics in the record below)
EPSS score ?
Summary
IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6615619 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/210671 | vdb-entry, x_refsource_XF |
Impacted products
▼ | Vendor | Product |
---|---|---|
IBM | Engineering Test Management |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.467Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6615619" }, { "name": "ibm-engineering-cve202138934-xss (210671)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210671" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" }, { "status": "affected", "version": "7.0" } ] } ], "datePublic": "2022-08-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/S:C/AV:N/AC:L/PR:L/C:L/UI:R/I:L/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-29T21:10:09", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6615619" }, { "name": "ibm-engineering-cve202138934-xss (210671)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210671" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-08-26T00:00:00", "ID": "CVE-2021-38934", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.1" }, { "version_value": "7.0.2" }, { "version_value": "7.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6615619", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6615619 (Engineering Test Management)", "url": "https://www.ibm.com/support/pages/node/6615619" }, { "name": "ibm-engineering-cve202138934-xss (210671)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210671" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38934", "datePublished": "2022-08-29T21:10:09.490561Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T23:51:47.129Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43054
Vulnerability from cvelistv5
Published
2024-03-03 12:15
Modified
2024-08-02 19:37
Severity: 6.4 Medium (CVSS v3.1 base score, per the CNA metrics in the record below)
EPSS score ?
Summary
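IBM Engineering Test Management cross-site scripting: per the description in the record below, versions 7.0.2 and 7.0.3 are vulnerable to stored cross-site scripting, which allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session (IBM X-Force ID: 267459). The record's affected-versions entry is the single string "7.0.2, 7.0.3", so tooling that matches version values exactly should treat it as two separate releases.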
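References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7122399 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/267459 | |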
Impacted products
▼ | Vendor | Product |
---|---|---|
IBM | Engineering Test Management |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-43054", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-04T16:47:22.461006Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:26:04.846Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T19:37:23.119Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7122399" }, { "tags": [ "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267459" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.2, 7.0.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267459." } ], "value": "IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267459." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-03T12:15:07.703Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7122399" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267459" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Engineering Test Management cross-site scripting", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-43054", "datePublished": "2024-03-03T12:15:07.703Z", "dateReserved": "2023-09-15T01:12:28.345Z", "dateUpdated": "2024-08-02T19:37:23.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4732
Vulnerability from cvelistv5
Published
2021-06-02 20:40
Modified
2024-09-17 03:14
Severity: 4.3 Medium (CVSS v3.0 base score, per the CNA metrics in the record below)
EPSS score ?
Summary
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6457739 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/188126 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:57.870Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-etm-cve20204732-info-disc (188126)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": 
"Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" } ] } ], "datePublic": "2021-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:L/S:U/A:N/UI:N/AC:L/I:N/AV:N/PR:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T20:40:37", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-etm-cve20204732-info-disc (188126)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-01T00:00:00", "ID": "CVE-2020-4732", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational 
Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457739", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457739 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-etm-cve20204732-info-disc (188126)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188126" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4732", "datePublished": "2021-06-02T20:40:37.689209Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:14:06.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29668
Vulnerability from cvelistv5
Published
2021-06-02 20:40
Modified
2024-09-17 02:42
Severity: 5.4 Medium (CVSS v3.0 base score, per the CNA metrics in the record below)
EPSS score ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199406.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6457739 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/199406 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:11:06.129Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve202129668-xss (199406)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199406" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative 
Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] } ], "datePublic": "2021-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199406." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/S:C/C:L/PR:L/AV:N/I:L/UI:R/A:N/AC:L/RL:O/E:H/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T20:40:44", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve202129668-xss (199406)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199406" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-01T00:00:00", "ID": "CVE-2021-29668", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" } 
] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199406." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457739", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457739 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6457739" }, { "name": "ibm-engineering-cve202129668-xss (199406)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199406" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29668", "datePublished": "2021-06-02T20:40:44.845040Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-17T02:42:44.006Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4855
Vulnerability from cvelistv5
Published
2021-01-27 16:15
Modified
2024-09-17 01:46
Severity 5.4 Medium (CVSS 3.0 base score from the CNA metrics in the record below; temporal score 5.2)
EPSS score ?
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6408694 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/190457 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.117Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-engineering-cve20204855-xss (190457)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" } ] }, { "product": "Rational Rhapsody Design Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" } ] }, { "product": "Rational Engineering Lifecycle 
Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "6.0.2" } ] } ], "datePublic": "2021-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/A:N/UI:R/S:C/I:L/PR:L/C:L/AV:N/RC:C/RL:O/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-27T16:15:27", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-engineering-cve20204855-xss (190457)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457" } ], 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-26T00:00:00", "ID": "CVE-2020-4855", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" } ] } }, { "product_name": "Rational Rhapsody Design Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "7.0" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "6.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": 
{ "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6408694", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-engineering-cve20204855-xss (190457)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4855", "datePublished": "2021-01-27T16:15:27.177472Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T01:46:27.762Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4487
Vulnerability from cvelistv5
Published
2021-01-08 20:40
Modified
2024-09-16 18:50
Severity 4.3 Medium (CVSS 3.0 base score from the CNA metrics in the record below; temporal score 3.8, Low)
EPSS score ?
Summary
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6398742 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/181862 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204487-info-disc (181862)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.0.2" } ] }, { "product": "Rational Rhapsody Design Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { 
"status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] } ], "datePublic": "2021-01-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/A:N/S:U/C:L/AC:L/UI:N/AV:N/I:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-08T20:40:22", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204487-info-disc (181862)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-07T00:00:00", "ID": "CVE-2020-4487", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "6.0.2" } ] } }, { "product_name": "Rational Rhapsody Design Manager", 
"version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6398742", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)", "url": "https://www.ibm.com/support/pages/node/6398742" }, { "name": "ibm-jazz-cve20204487-info-disc (181862)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4487", "datePublished": "2021-01-08T20:40:22.413554Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T18:50:20.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4865
Vulnerability from cvelistv5
Published
2021-01-27 16:15
Modified
2024-09-16 20:21
Severity 5.4 Medium (CVSS 3.0 base score from the CNA metrics in the record below; temporal score 5.2)
EPSS score ?
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6408694 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/190741 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-engineering-cve20204865-xss (190741)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" } ] }, { "product": "Rational Rhapsody Design Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" } ] }, { "product": "Rational Engineering Lifecycle 
Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "6.0.2" } ] } ], "datePublic": "2021-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/PR:L/C:L/I:L/AC:L/S:C/UI:R/A:N/RL:O/RC:C/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-27T16:15:27", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-engineering-cve20204865-xss (190741)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741" } ], 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-26T00:00:00", "ID": "CVE-2020-4865", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" } ] } }, { "product_name": "Rational Rhapsody Design Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "7.0" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "6.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": 
{ "description_data": [ { "lang": "eng", "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6408694", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6408694" }, { "name": "ibm-engineering-cve20204865-xss (190741)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4865", "datePublished": "2021-01-27T16:15:27.819250Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:21:28.445Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20350
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-16 17:28
Severity 5.4 Medium (CVSS 3.0 base score from the CNA metrics in the record below; temporal score 5.2)
EPSS score ?
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6417585 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/194707 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:23.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve202120350-xss (194707)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194707" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], 
"datePublic": "2021-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/C:L/I:L/UI:R/A:N/S:C/PR:L/AC:L/RC:C/E:H/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-04T19:05:43", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve202120350-xss (194707)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194707" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-02-26T00:00:00", "ID": "CVE-2021-20350", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { 
"version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6417585", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6417585 (Rational Team Concert)", "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve202120350-xss (194707)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194707" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20350", "datePublished": "2021-03-04T19:05:43.976267Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T17:28:43.690Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20351
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-17 00:10
Severity
MEDIUM (CVSS 3.0 base score 5.4, as given in the CNA metrics of the JSON record below)
EPSS score ?
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6417585 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/194708 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:23.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve202120351-xss (194708)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194708" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], 
"datePublic": "2021-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/UI:R/C:L/I:L/AV:N/AC:L/PR:L/A:N/S:C/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-04T19:05:44", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve202120351-xss (194708)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194708" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-02-26T00:00:00", "ID": "CVE-2021-20351", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, 
{ "version_value": "7.0.2" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6417585", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6417585 (Rational Team Concert)", "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve202120351-xss (194708)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194708" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20351", "datePublished": "2021-03-04T19:05:44.675900Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-17T00:10:34.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4863
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-16 18:34
Severity
MEDIUM (CVSS 3.0 base score 6.4, as given in the CNA metrics of the JSON record below)
EPSS score ?
Summary
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6417585 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/190566 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.185Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve20204863-xss (190566)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190566" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], 
"datePublic": "2021-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 6.1, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/I:L/C:L/AV:N/AC:L/PR:L/S:C/A:N/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-04T19:05:40", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve20204863-xss (190566)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190566" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-02-26T00:00:00", "ID": "CVE-2020-4863", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, 
{ "version_value": "7.0.2" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "N" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6417585", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6417585 (Rational Team Concert)", "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve20204863-xss (190566)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190566" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4863", "datePublished": "2021-03-04T19:05:41.061621Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T18:34:09.064Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4857
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-17 03:43
Severity
MEDIUM (CVSS 3.0 base score 6.4, as given in the CNA metrics of the JSON record below)
EPSS score ?
Summary
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6417585 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/190460 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.406Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve20204857-xss (190460)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190460" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], 
"datePublic": "2021-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 6.1, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/A:N/S:C/AC:L/AV:N/UI:N/C:L/I:L/RC:C/E:H/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-04T19:05:40", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve20204857-xss (190460)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190460" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-02-26T00:00:00", "ID": "CVE-2020-4857", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { 
"version_value": "6.0.6.1" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "N" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6417585", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6417585 (Rational Team Concert)", "url": "https://www.ibm.com/support/pages/node/6417585" }, { "name": "ibm-engineering-cve20204857-xss (190460)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190460" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4857", "datePublished": "2021-03-04T19:05:40.309975Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:43:11.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4965
Vulnerability from cvelistv5
Published
2021-04-12 18:00
Modified
2024-09-16 21:07
Severity
MEDIUM (CVSS 3.0 base score 5.9, as given in the CNA metrics of the JSON record below)
EPSS score ?
Summary
IBM Jazz Team Server products use weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6441803 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/192422 | vdb-entry, x_refsource_XF |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.387Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6441803" }, { "name": "ibm-jazz-cve20204965-info-disc (192422)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192422" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Test Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" 
}, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] }, { "product": "Rational Rhapsody Model Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "6.0.2" } ] }, { "product": "Engineering Workflow Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] }, { "product": "Engineering Lifecycle Optimization", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], "datePublic": "2021-04-09T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:H/I:N/A:N/UI:N/S:U/AC:H/AV:N/PR:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-12T18:00:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6441803" }, { "name": "ibm-jazz-cve20204965-info-disc (192422)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192422" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-04-09T00:00:00", "ID": "CVE-2020-4965", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational DOORS Next Generation", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Test Management", "version": { "version_data": [ { "version_value": "7.0.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Engineering 
Lifecycle Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } }, { "product_name": "Rational Rhapsody Model Manager", "version": { "version_data": [ { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" }, { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "6.0.2" } ] } }, { "product_name": "Engineering Workflow Management", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } }, { "product_name": "Engineering Lifecycle Optimization", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6441803", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6441803 (Rational DOORS Next Generation)", "url": "https://www.ibm.com/support/pages/node/6441803" }, { "name": "ibm-jazz-cve20204965-info-disc (192422)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192422" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4965", "datePublished": "2021-04-12T18:00:24.743638Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T21:07:23.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }