Search criteria
87 vulnerabilities found for engineering_requirements_quality_assistant_on-premises by ibm
FKIE_CVE-2021-29790
Vulnerability from fkie_nvd - Published: 2022-07-18 18:15 - Updated: 2024-11-21 06:01
Severity ?
Summary
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/203440 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6604005 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/203440 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6604005 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_requirements_quality_assistant_on-premises | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440."
},
{
"lang": "es",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (Todas las versiones) es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 203440"
}
],
"id": "CVE-2021-29790",
"lastModified": "2024-11-21T06:01:49.133",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-18T18:15:08.723",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203440"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-38868
Vulnerability from fkie_nvd - Published: 2022-07-18 18:15 - Updated: 2024-11-21 06:18
Severity ?
Summary
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id: 208310.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/208310 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6604005 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/208310 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6604005 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_requirements_quality_assistant_on-premises | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id: 208310."
},
{
"lang": "es",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (Todas las versiones) es vulnerable a un ataque de tipo Cross-Site Request Forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que conf\u00eda el sitio web. IBM X-Force Id: 208310"
}
],
"id": "CVE-2021-38868",
"lastModified": "2024-11-21T06:18:06.843",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-18T18:15:08.820",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208310"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-29799
Vulnerability from fkie_nvd - Published: 2022-07-18 18:15 - Updated: 2024-11-21 06:01
Severity ?
Summary
IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/203738 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6604005 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/203738 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6604005 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_requirements_quality_assistant_on-premises | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738."
},
{
"lang": "es",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (Todas las versiones) podr\u00eda permitir a un usuario autenticado obtener informaci\u00f3n confidencial debido a una comprobaci\u00f3n inapropiada del lado del cliente. IBM X-Force ID: 203738"
}
],
"id": "CVE-2021-29799",
"lastModified": "2024-11-21T06:01:49.890",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-18T18:15:08.770",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203738"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-29788
Vulnerability from fkie_nvd - Published: 2022-07-18 18:15 - Updated: 2024-11-21 06:01
Severity ?
Summary
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203310.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/203310 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6604005 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/203310 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6604005 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_requirements_quality_assistant_on-premises | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203310."
},
{
"lang": "es",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (Todas las versiones) es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 203310"
}
],
"id": "CVE-2021-29788",
"lastModified": "2024-11-21T06:01:49.013",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-18T18:15:08.677",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203310"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-29899
Vulnerability from fkie_nvd - Published: 2022-03-18 16:15 - Updated: 2024-11-21 06:01
Severity ?
Summary
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/207413 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6564317 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/207413 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6564317 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_requirements_quality_assistant_on-premises | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F26B3E-1EA1-49ED-A749-9D6639CBEE67",
"versionEndExcluding": "3.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413."
},
{
"lang": "es",
"value": "IBM Engineering Requirements Quality Assistant versiones anteriores a 3.1.3, podr\u00eda permitir a un usuario autenticado causar una denegaci\u00f3n de servicio. IBM X-Force ID: 207413"
}
],
"id": "CVE-2021-29899",
"lastModified": "2024-11-21T06:01:58.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-18T16:15:08.350",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6564317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6564317"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-29844
Vulnerability from fkie_nvd - Published: 2021-10-27 16:15 - Updated: 2024-11-21 06:01
Severity ?
Summary
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/205205 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6508583 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/205205 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6508583 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FA081AC9-023F-492E-B2F4-FB30029D05B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC78DE1B-6068-4BDF-AFED-93552149B912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94EF5602-8FB3-445E-AD29-D340CF0B5C33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3346A2-D576-48D5-A79A-773F127DB75A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2A1FE3-0E4A-4D97-9C3D-923507A732A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE56C15-D89F-41A0-BFC6-9130B381E66E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeraci\u00f3n de la red o facilitar otros ataques"
}
],
"id": "CVE-2021-29844",
"lastModified": "2024-11-21T06:01:54.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-27T16:15:07.613",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6508583"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-5004
Vulnerability from fkie_nvd - Published: 2021-07-28 13:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/192957 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6475919 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/192957 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6475919 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957."
},
{
"lang": "es",
"value": "Los productos de IBM Jazz Foundation son vulnerables al cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario de la web, alterando as\u00ed la funcionalidad prevista y llevando potencialmente a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. ID de IBM X-Force: 192957"
}
],
"id": "CVE-2020-5004",
"lastModified": "2024-11-21T05:33:32.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-28T13:15:08.150",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6475919"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4974
Vulnerability from fkie_nvd - Published: 2021-07-28 13:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/192434 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6475919 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/192434 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6475919 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Foundation son vulnerables a la falsificaci\u00f3n de solicitudes del lado del servidor (SSRF). Esto puede permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda conducir a la enumeraci\u00f3n de la red o facilitar otros ataques. ID de IBM X-Force: 192434"
}
],
"id": "CVE-2020-4974",
"lastModified": "2024-11-21T05:33:29.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-28T13:15:08.113",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6475919"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-20507
Vulnerability from fkie_nvd - Published: 2021-07-19 16:15 - Updated: 2024-11-21 05:46
Severity ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94EF5602-8FB3-445E-AD29-D340CF0B5C33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E04D01A5-D5B6-481F-89A6-E2D59AB50C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3346A2-D576-48D5-A79A-773F127DB75A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2A1FE3-0E4A-4D97-9C3D-923507A732A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 198235"
}
],
"id": "CVE-2021-20507",
"lastModified": "2024-11-21T05:46:41.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-19T16:15:08.650",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6473141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6473141"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-20520
Vulnerability from fkie_nvd - Published: 2021-03-30 17:15 - Updated: 2024-11-21 05:46
Severity ?
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/198572 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6437579 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/198572 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6437579 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_insights | 7.0 | |
| ibm | engineering_insights | 7.0.1 | |
| ibm | engineering_insights | 7.0.2 | |
| ibm | engineering_lifecycle_management | 7.0 | |
| ibm | engineering_requirements_quality_assistant_on-premises | - | |
| ibm | engineering_workflow_management | 7.0.0 | |
| ibm | engineering_workflow_management | 7.0.1 | |
| ibm | engineering_workflow_management | 7.0.2 | |
| ibm | rational_engineering_lifecycle_manager | 6.0.2 | |
| ibm | rational_engineering_lifecycle_manager | 6.0.6 | |
| ibm | rational_engineering_lifecycle_manager | 6.0.6.1 | |
| ibm | rational_team_concert | 6.0.6 | |
| ibm | rational_team_concert | 6.0.6.1 | |
| ibm | rational_team_concert | 6.0.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBDD077-488A-45C6-AD72-3D79361509E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572."
},
{
"lang": "es",
"value": "Los Productos de IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista conllevando a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 198572."
}
],
"id": "CVE-2021-20520",
"lastModified": "2024-11-21T05:46:42.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T17:15:16.917",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198572"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6437579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6437579"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-20504
Vulnerability from fkie_nvd - Published: 2021-03-30 17:15 - Updated: 2024-11-21 05:46
Severity ?
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/198231 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6437579 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/198231 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6437579 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_insights | 7.0 | |
| ibm | engineering_insights | 7.0.1 | |
| ibm | engineering_insights | 7.0.2 | |
| ibm | engineering_lifecycle_management | 7.0 | |
| ibm | engineering_requirements_quality_assistant_on-premises | - | |
| ibm | engineering_workflow_management | 7.0.0 | |
| ibm | engineering_workflow_management | 7.0.1 | |
| ibm | engineering_workflow_management | 7.0.2 | |
| ibm | rational_engineering_lifecycle_manager | 6.0.2 | |
| ibm | rational_engineering_lifecycle_manager | 6.0.6 | |
| ibm | rational_engineering_lifecycle_manager | 6.0.6.1 | |
| ibm | rational_team_concert | 6.0.6 | |
| ibm | rational_team_concert | 6.0.6.1 | |
| ibm | rational_team_concert | 6.0.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBDD077-488A-45C6-AD72-3D79361509E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231."
},
{
"lang": "es",
"value": "Los Productos de IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista conllevando a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 198231."
}
],
"id": "CVE-2021-20504",
"lastModified": "2024-11-21T05:46:41.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T17:15:16.727",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198231"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6437579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6437579"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-20447
Vulnerability from fkie_nvd - Published: 2021-03-30 17:15 - Updated: 2024-11-21 05:46
Severity ?
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/196623 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6437579 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/196623 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6437579 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_insights | 7.0 | |
| ibm | engineering_insights | 7.0.1 | |
| ibm | engineering_insights | 7.0.2 | |
| ibm | engineering_lifecycle_management | 7.0 | |
| ibm | engineering_requirements_quality_assistant_on-premises | - | |
| ibm | engineering_workflow_management | 7.0.0 | |
| ibm | engineering_workflow_management | 7.0.1 | |
| ibm | engineering_workflow_management | 7.0.2 | |
| ibm | rational_engineering_lifecycle_manager | 6.0.2 | |
| ibm | rational_engineering_lifecycle_manager | 6.0.6 | |
| ibm | rational_engineering_lifecycle_manager | 6.0.6.1 | |
| ibm | rational_team_concert | 6.0.6 | |
| ibm | rational_team_concert | 6.0.6.1 | |
| ibm | rational_team_concert | 6.0.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBDD077-488A-45C6-AD72-3D79361509E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623."
},
{
"lang": "es",
"value": "Los Productos de IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista conllevando a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 196623."
}
],
"id": "CVE-2021-20447",
"lastModified": "2024-11-21T05:46:36.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T17:15:16.477",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196623"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6437579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6437579"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-38868 (GCVE-0-2021-38868)
Vulnerability from cvelistv5 – Published: 2022-07-18 17:00 – Updated: 2024-09-17 02:20
VLAI?
Summary
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id: 208310.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant On-Premises |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202138868-csrf (208310)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208310"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant On-Premises",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2022-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id: 208310."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/S:U/PR:N/I:H/AC:L/A:N/UI:R/AV:N/C:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-18T17:00:34",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202138868-csrf (208310)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208310"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-15T00:00:00",
"ID": "CVE-2021-38868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant On-Premises",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id: 208310."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "N",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6604005",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6604005 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202138868-csrf (208310)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208310"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-38868",
"datePublished": "2022-07-18T17:00:34.389786Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T02:20:50.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29799 (GCVE-0-2021-29799)
Vulnerability from cvelistv5 – Published: 2022-07-18 17:00 – Updated: 2024-09-16 17:37
VLAI?
Summary
IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant On-Premises |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129799-info-disc (203738)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203738"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant On-Premises",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2022-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/I:N/AV:N/A:N/UI:N/S:U/PR:L/C:H/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-18T17:00:31",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129799-info-disc (203738)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203738"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-15T00:00:00",
"ID": "CVE-2021-29799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant On-Premises",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6604005",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6604005 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129799-info-disc (203738)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203738"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29799",
"datePublished": "2022-07-18T17:00:31.822196Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T17:37:56.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29790 (GCVE-0-2021-29790)
Vulnerability from cvelistv5 – Published: 2022-07-18 17:00 – Updated: 2024-09-16 23:31
VLAI?
Summary
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant On-Premises |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129790-xss (203440)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant On-Premises",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2022-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/C:L/AC:L/I:L/AV:N/UI:R/A:N/S:C/PR:L/RL:O/RC:C/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-18T17:00:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129790-xss (203440)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203440"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-15T00:00:00",
"ID": "CVE-2021-29790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant On-Premises",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6604005",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6604005 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129790-xss (203440)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203440"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29790",
"datePublished": "2022-07-18T17:00:27.433570Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T23:31:08.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29788 (GCVE-0-2021-29788)
Vulnerability from cvelistv5 – Published: 2022-07-18 17:00 – Updated: 2024-09-17 00:01
VLAI?
Summary
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203310.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant On-Premises |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:02.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129788-xss (203310)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203310"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant On-Premises",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2022-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203310."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/S:C/UI:R/A:N/AV:N/I:L/AC:L/C:L/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-18T17:00:22",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129788-xss (203310)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203310"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-15T00:00:00",
"ID": "CVE-2021-29788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant On-Premises",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203310."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6604005",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6604005 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129788-xss (203310)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203310"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29788",
"datePublished": "2022-07-18T17:00:22.945922Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-17T00:01:08.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29899 (GCVE-0-2021-29899)
Vulnerability from cvelistv5 – Published: 2022-03-18 15:40 – Updated: 2024-09-16 17:43
VLAI?
Summary
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant |
Affected:
On-Premises
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6564317"
},
{
"name": "ibm-engineering-cve202129899-dos (207413)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "On-Premises"
}
]
}
],
"datePublic": "2022-03-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/AC:L/PR:L/I:N/A:H/AV:N/C:N/UI:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T15:40:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6564317"
},
{
"name": "ibm-engineering-cve202129899-dos (207413)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-17T00:00:00",
"ID": "CVE-2021-29899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant",
"version": {
"version_data": [
{
"version_value": "On-Premises"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6564317",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6564317 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6564317"
},
{
"name": "ibm-engineering-cve202129899-dos (207413)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29899",
"datePublished": "2022-03-18T15:40:14.510690Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T17:43:30.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29844 (GCVE-0-2021-29844)
Vulnerability from cvelistv5 – Published: 2021-10-27 16:00 – Updated: 2024-09-16 17:59
VLAI?
Summary
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Engineering Workflow Management |
Affected:
7.0
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"name": "ibm-engineering-cve202129844-ssrf (205205)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:L/C:L/S:U/PR:L/AV:N/A:N/UI:N/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T16:00:31",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"name": "ibm-engineering-cve202129844-ssrf (205205)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-25T00:00:00",
"ID": "CVE-2021-29844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6508583",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"name": "ibm-engineering-cve202129844-ssrf (205205)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29844",
"datePublished": "2021-10-27T16:00:31.302142Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T17:59:19.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5004 (GCVE-0-2020-5004)
Vulnerability from cvelistv5 – Published: 2021-07-28 12:25 – Updated: 2024-09-16 17:44
VLAI?
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Rational Team Concert |
Affected:
6.0.6
Affected: 6.0.6.1 |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"name": "ibm-jazz-cve20205004-xss (192957)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2021-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/AV:N/A:N/UI:R/C:L/AC:L/S:C/I:L/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T12:25:12",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"name": "ibm-jazz-cve20205004-xss (192957)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-27T00:00:00",
"ID": "CVE-2020-5004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6475919",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"name": "ibm-jazz-cve20205004-xss (192957)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-5004",
"datePublished": "2021-07-28T12:25:13.063011Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:44:16.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4974 (GCVE-0-2020-4974)
Vulnerability from cvelistv5 – Published: 2021-07-28 12:25 – Updated: 2024-09-17 01:41
VLAI?
Summary
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Engineering Test Management |
Affected:
7.0.0
Affected: 7.0.1 Affected: 7.0.2 |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"name": "ibm-jazz-cve20204974-ssrf (192434)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/UI:N/C:L/AV:N/PR:L/I:L/AC:L/S:U/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T12:25:11",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"name": "ibm-jazz-cve20204974-ssrf (192434)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-27T00:00:00",
"ID": "CVE-2020-4974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6475919",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"name": "ibm-jazz-cve20204974-ssrf (192434)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4974",
"datePublished": "2021-07-28T12:25:11.431091Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T01:41:02.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20507 (GCVE-0-2021-20507)
Vulnerability from cvelistv5 – Published: 2021-07-19 16:00 – Updated: 2024-09-17 03:12
VLAI?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Engineering Workflow Management |
Affected:
7.0
Affected: 7.0.1 Affected: 7.0.2 |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6473141"
},
{
"name": "ibm-jazz-cve202120507-xss (198235)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/C:L/AC:L/S:C/AV:N/I:L/PR:L/UI:R/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-19T16:00:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6473141"
},
{
"name": "ibm-jazz-cve202120507-xss (198235)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-16T00:00:00",
"ID": "CVE-2021-20507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6473141",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6473141 (Rational Collaborative Lifecycle Management)",
"url": "https://www.ibm.com/support/pages/node/6473141"
},
{
"name": "ibm-jazz-cve202120507-xss (198235)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20507",
"datePublished": "2021-07-19T16:00:25.382956Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-17T03:12:37.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38868 (GCVE-0-2021-38868)
Vulnerability from nvd – Published: 2022-07-18 17:00 – Updated: 2024-09-17 02:20
VLAI?
Summary
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id: 208310.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant On-Premises |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202138868-csrf (208310)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208310"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant On-Premises",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2022-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id: 208310."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/S:U/PR:N/I:H/AC:L/A:N/UI:R/AV:N/C:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-18T17:00:34",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202138868-csrf (208310)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208310"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-15T00:00:00",
"ID": "CVE-2021-38868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant On-Premises",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id: 208310."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "N",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6604005",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6604005 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202138868-csrf (208310)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208310"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-38868",
"datePublished": "2022-07-18T17:00:34.389786Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T02:20:50.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29799 (GCVE-0-2021-29799)
Vulnerability from nvd – Published: 2022-07-18 17:00 – Updated: 2024-09-16 17:37
VLAI?
Summary
IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant On-Premises |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129799-info-disc (203738)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203738"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant On-Premises",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2022-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/I:N/AV:N/A:N/UI:N/S:U/PR:L/C:H/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-18T17:00:31",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129799-info-disc (203738)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203738"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-15T00:00:00",
"ID": "CVE-2021-29799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant On-Premises",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6604005",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6604005 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129799-info-disc (203738)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203738"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29799",
"datePublished": "2022-07-18T17:00:31.822196Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T17:37:56.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29790 (GCVE-0-2021-29790)
Vulnerability from nvd – Published: 2022-07-18 17:00 – Updated: 2024-09-16 23:31
VLAI?
Summary
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant On-Premises |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129790-xss (203440)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant On-Premises",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2022-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/C:L/AC:L/I:L/AV:N/UI:R/A:N/S:C/PR:L/RL:O/RC:C/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-18T17:00:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129790-xss (203440)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203440"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-15T00:00:00",
"ID": "CVE-2021-29790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant On-Premises",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6604005",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6604005 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129790-xss (203440)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203440"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29790",
"datePublished": "2022-07-18T17:00:27.433570Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T23:31:08.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29788 (GCVE-0-2021-29788)
Vulnerability from nvd – Published: 2022-07-18 17:00 – Updated: 2024-09-17 00:01
VLAI?
Summary
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203310.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant On-Premises |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:02.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129788-xss (203310)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203310"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant On-Premises",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2022-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203310."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/S:C/UI:R/A:N/AV:N/I:L/AC:L/C:L/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-18T17:00:22",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129788-xss (203310)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203310"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-15T00:00:00",
"ID": "CVE-2021-29788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant On-Premises",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203310."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6604005",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6604005 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6604005"
},
{
"name": "ibm-engineering-cve202129788-xss (203310)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203310"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29788",
"datePublished": "2022-07-18T17:00:22.945922Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-17T00:01:08.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29899 (GCVE-0-2021-29899)
Vulnerability from nvd – Published: 2022-03-18 15:40 – Updated: 2024-09-16 17:43
VLAI?
Summary
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant |
Affected:
On-Premises
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6564317"
},
{
"name": "ibm-engineering-cve202129899-dos (207413)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "On-Premises"
}
]
}
],
"datePublic": "2022-03-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/AC:L/PR:L/I:N/A:H/AV:N/C:N/UI:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T15:40:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6564317"
},
{
"name": "ibm-engineering-cve202129899-dos (207413)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-17T00:00:00",
"ID": "CVE-2021-29899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant",
"version": {
"version_data": [
{
"version_value": "On-Premises"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6564317",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6564317 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6564317"
},
{
"name": "ibm-engineering-cve202129899-dos (207413)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29899",
"datePublished": "2022-03-18T15:40:14.510690Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T17:43:30.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29844 (GCVE-0-2021-29844)
Vulnerability from nvd – Published: 2021-10-27 16:00 – Updated: 2024-09-16 17:59
VLAI?
Summary
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Engineering Workflow Management |
Affected:
7.0
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"name": "ibm-engineering-cve202129844-ssrf (205205)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:L/C:L/S:U/PR:L/AV:N/A:N/UI:N/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T16:00:31",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"name": "ibm-engineering-cve202129844-ssrf (205205)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-25T00:00:00",
"ID": "CVE-2021-29844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6508583",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"name": "ibm-engineering-cve202129844-ssrf (205205)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29844",
"datePublished": "2021-10-27T16:00:31.302142Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T17:59:19.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5004 (GCVE-0-2020-5004)
Vulnerability from nvd – Published: 2021-07-28 12:25 – Updated: 2024-09-16 17:44
VLAI?
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Rational Team Concert |
Affected:
6.0.6
Affected: 6.0.6.1 |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"name": "ibm-jazz-cve20205004-xss (192957)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2021-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/AV:N/A:N/UI:R/C:L/AC:L/S:C/I:L/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T12:25:12",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"name": "ibm-jazz-cve20205004-xss (192957)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-27T00:00:00",
"ID": "CVE-2020-5004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6475919",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"name": "ibm-jazz-cve20205004-xss (192957)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-5004",
"datePublished": "2021-07-28T12:25:13.063011Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:44:16.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4974 (GCVE-0-2020-4974)
Vulnerability from nvd – Published: 2021-07-28 12:25 – Updated: 2024-09-17 01:41
VLAI?
Summary
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Engineering Test Management |
Affected:
7.0.0
Affected: 7.0.1 Affected: 7.0.2 |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"name": "ibm-jazz-cve20204974-ssrf (192434)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/UI:N/C:L/AV:N/PR:L/I:L/AC:L/S:U/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T12:25:11",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"name": "ibm-jazz-cve20204974-ssrf (192434)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-27T00:00:00",
"ID": "CVE-2020-4974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6475919",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6475919"
},
{
"name": "ibm-jazz-cve20204974-ssrf (192434)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4974",
"datePublished": "2021-07-28T12:25:11.431091Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T01:41:02.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20507 (GCVE-0-2021-20507)
Vulnerability from nvd – Published: 2021-07-19 16:00 – Updated: 2024-09-17 03:12
VLAI?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Engineering Workflow Management |
Affected:
7.0
Affected: 7.0.1 Affected: 7.0.2 |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6473141"
},
{
"name": "ibm-jazz-cve202120507-xss (198235)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/C:L/AC:L/S:C/AV:N/I:L/PR:L/UI:R/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-19T16:00:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6473141"
},
{
"name": "ibm-jazz-cve202120507-xss (198235)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-16T00:00:00",
"ID": "CVE-2021-20507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6473141",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6473141 (Rational Collaborative Lifecycle Management)",
"url": "https://www.ibm.com/support/pages/node/6473141"
},
{
"name": "ibm-jazz-cve202120507-xss (198235)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20507",
"datePublished": "2021-07-19T16:00:25.382956Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-17T03:12:37.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}