CVSS3: 6.5 Medium

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | HIGH |
| Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS2: 4 Medium

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | SINGLE |
| Confidentiality Impact | NONE |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS: 0.001 Low (percentile 19.4%)

In applications running on IBM WebSphere Application Server Liberty, an authenticated user could use a brute force attack to extract an encryption key from an LTPA token and, through a series of involved steps, conduct an attack in which they replace their user name with that of another user in the LTPA token.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
| Products | Version |
|---|---|
| Jazz Foundation | CLM 6.0.6.1, CLM 6.0.6, ELM 7.0.2, ELM 7 |
| IBM Engineering Workflow Management | EWM 7.0.2, EWM 7.0.1, RTC 6.0.6.1, EWM 7 |
| IBM Engineering Requirements Management DOORS Next | DOORS Next 7.0.2, DOORS Next 7.0, DOORS |
| IBM Common Licensing | LKS 9.0, Agent 9.0, ART 9.0, Client 9.0 |
| Global Configuration Management | All |

IBM® Engineering Lifecycle Management products do not require any additional fix; users are advised to follow the resolution steps given in:
None