Lucene search

IBM3A0DC866D169834663B5BA40C883A4DB6A1EE58CF81644BD47D83BADF875E5E2

HistoryApr 28, 2021 - 6:35 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology

2021-04-2818:35:50

www.ibm.com

0.001 Low

EPSS

Percentile

32.6%

JSON

Summary

Multiple vulnerabilities in the IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM).

Vulnerability Details

CVEID: CVE-2017-1725**
DESCRIPTION:** An undisclosed vulnerability in Jazz common products with potential for information disclosure.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134820 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-1734**
DESCRIPTION:** IBM Jazz Foundation stores potentially sensitive information in a cache that could be read by authenticated users.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134915 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-1700**
DESCRIPTION:** IBM DOORS Next Generation (DNG/RRC) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134392 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Rational Collaborative Lifecycle Management 5.0 - 6.0.5

Rational Quality Manager 5.0 - 5.0.2
Rational Quality Manager 6.0 - 6.0.5

Rational Team Concert 5.0 - 5.0.2
Rational Team Concert 6.0 - 6.0.5

Rational DOORS Next Generation 5.0 - 5.0.2
Rational DOORS Next Generation 6.0 - 6.0.5

Rational Engineering Lifecycle Manager 5.0 - 5.0.2
Rational Engineering Lifecycle Manager 6.0 - 6.0.5

Rational Rhapsody Design Manager 5.0 - 5.0.2
Rational Rhapsody Design Manager 6.0 - 6.0.5

Rational Software Architect Design Manager 5.0 - 5.0.2
Rational Software Architect Design Manager 6.0 - 6.0.1

Remediation/Fixes

For the 6.0 - 6.0.5 releases

Upgrade to version 6.0.5 iFix4 or later
* Rational Collaborative Lifecycle Management 6.0.5 iFix4
* Rational Team Concert 6.0.5 iFix4
* Rational Quality Manager 6.0.5 iFix4
* Rational DOORS Next Generation 6.0.5 iFix4
* Rational Software Architect Design Manager:_ Upgrade to version 6.0.5 and install server from CLM 6.0.5 iFix4
* Rational Rhapsody Design Manager: Upgrade to version 6.0.5 and install server from CLM 6.0.5 iFix4
* Rational Engineering Lifecycle Manager: Upgrade to version 6.0.5 and install server from CLM 6.0.5 iFix4
* Or upgrade to version 6.0.2 iFix16 or later
* Rational Collaborative Lifecycle Management 6.0.2 iFix16
* Rational Team Concert 6.0.2 iFix16
* Rational Quality Manager 6.0.2 iFix16
* Rational DOORS Next Generation 6.0.2 iFix16
* Rational Software Architect Design Manager: Upgrade to version 6.0.2 and install server from CLM 6.0.2 iFix16
* Rational Rhapsody Design Manager: Upgrade to version 6.0.2 and install server from CLM 6.0.2 iFix16
* Rational Engineering Lifecycle Manager: _Upgrade to version 6.0.2 and install server from CLM 6.0.2 iFix16
For the 5.x releases, upgrade to version 5.0.2 iFix25 or later

Rational Collaborative Lifecycle Management 5.0.2 iFix25
Rational Team Concert 5.0.2 iFix25
Rational Quality Manager 5.0.2 iFix25
Rational DOORS Next Generation 5.0.2 iFix25
Rational Software Architect Design Manager:_ _Upgrade to version 5.0.2 and install server from CLM 5.0.2 iFix25
Rational Rhapsody Design Manager:_ _Upgrade to version 5.0.2 and install server from CLM 5.0.2 iFix25
Rational Engineering Lifecycle Manager:_ _Upgrade to version 5.0.2 and install server from CLM 5.0.2 iFix25

For any prior versions of the products listed above, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

If the iFix is not found in the Fix Portal please contact IBM Support.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm engineering lifecycle management baseeq5.0
ibm engineering lifecycle management baseeq5.0.1
ibm engineering lifecycle management baseeq5.0.2
ibm engineering lifecycle management baseeq6.0
ibm engineering lifecycle management baseeq6.0.1
ibm engineering lifecycle management baseeq6.0.2
ibm engineering lifecycle management baseeq6.0.3
ibm engineering lifecycle management baseeq6.0.4
ibm engineering lifecycle management baseeq6.0.5
ibm engineering lifecycle optimization - engineering insightseq5.0

Name	Operator	Version
ibm engineering lifecycle management base	eq	5.0
ibm engineering lifecycle management base	eq	5.0.1
ibm engineering lifecycle management base	eq	5.0.2
ibm engineering lifecycle management base	eq	6.0
ibm engineering lifecycle management base	eq	6.0.1
ibm engineering lifecycle management base	eq	6.0.2
ibm engineering lifecycle management base	eq	6.0.3
ibm engineering lifecycle management base	eq	6.0.4
ibm engineering lifecycle management base	eq	6.0.5
ibm engineering lifecycle optimization - engineering insights	eq	5.0

Rows per page:

1-10 of 591

0.001 Low

EPSS

Percentile

32.6%

JSON

Related for 3A0DC866D169834663B5BA40C883A4DB6A1EE58CF81644BD47D83BADF875E5E2