Lucene search

IBM0C779E30A41077563FA5AF76F75E9EC214F8A1B1EFC21AA9E8EA78A7B4833570

HistoryJun 01, 2021 - 3:41 p.m.

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Appilcation Server and WebSphere Application Server Liberty affects IBM Engineering ELM products on IBM Jazz technology.

2021-06-0115:41:30

www.ibm.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.005 Low

EPSS

Percentile

73.9%

JSON

Summary

There are multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty that affect IBM Engineering Products based on IBM Jazz technology.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
Rhapsody DM	6.0.6
IBM Engineering Systems Design Rhapsody - Design Manager	RDM 7.0.1
Rhapsody DM	7.0.2
Rhapsody DM	6.0.6.1
RDM	7.0
DOORS Next	7.0.2
DOORS Next	7.0
DOORS Next	7.0.1
RDNG	6.0.6.1
RDNG	6.0.6
CLM	6.0.6.1
CLM	6.0.6
ELM	7.0.2
ELM	7.0
ELM	7.0.1
RQM	6.0.6.1
ETM	7.0.1
ETM	7.0.2
RQM	6.0.6
ETM	7.0.0
EWM	7.0.2
EWM	7.0.1
RTC	6.0.6.1
EWM	7.0
RTC	6.0.6

Remediation/Fixes

The IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version, some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published.

For ELM applications version 6.0.6 to 7.0.2 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:

Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20353)

Security Bulletin: WebSphere Application Server is vulnerable to a directory traversal vulnerability (CVE-2021-20354)

Security Bulletin: WebSphere Application Server is vulnerable to a Directory Traversal vulnerability (CVE-2020-5016)

Security Bulletin: WebSphere Application Server is vulnerable to a Server-side Request Forgery vulnerability (CVE-2021-20480)

Security Bulletin: Vulnerability in Apache MyFaces affects WebSphere Application Server (CVE-2021-26296)

Security Bulletin: Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258)

Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20453)

Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20454)

Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server

Security Bulletin: WebSphere Application Server Java Batch is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2021-20492)

Security Bulletin: WebSphere Application Server ND is vulnerable to Directory Traversal vulnerability (CVE-2021-20517)

Workarounds and Mitigations

None

CPENameOperatorVersion
rational rhapsody design managereq6.0.6
rational rhapsody design managereq7.0.2
rational collaborative lifecycle managementeq6.0.6
rational collaborative lifecycle managementeq7.0.2
rational doors next generationeq6.0.6
rational doors next generationeq7.0.2
rational team concerteq6.0.6
rational team concerteq7.0.2
rational quality managereq6.0.6
rational quality managereq7.0.2

Name	Operator	Version
rational rhapsody design manager	eq	6.0.6
rational rhapsody design manager	eq	7.0.2
rational collaborative lifecycle management	eq	6.0.6
rational collaborative lifecycle management	eq	7.0.2
rational doors next generation	eq	6.0.6
rational doors next generation	eq	7.0.2
rational team concert	eq	6.0.6
rational team concert	eq	7.0.2
rational quality manager	eq	6.0.6
rational quality manager	eq	7.0.2