IBM3C618CD0CE14720E74D219D5A4429E80CD0E3C75EA8BCAE9BB656EE3368F3DC2Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to some browser which may store a local cached copy of content received from web servers.(CVE-2021-20551)
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
12.6%
Summary
Summary guidance: Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time. It is recommended that users not share the same account on the same physical server.
Vulnerability Details
CVEID:CVE-2021-20551
**DESCRIPTION:**IBM Jazz Foundation allows web pages to be stored locally which can be read by another user on the system.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199169 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Jazz Team Server | 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now.
| Product(s) | **Version(s) number and/or range ** | Remediation/Fix/Instructions |
|---|---|---|
| Jazz Team Server | 6.0.6 | Download and install iFix026 or later |
| Jazz Team Server | 6.0.6.1 | Download and install iFix025 or later |
| Jazz Team Server | 7.0 | Download and install iFix015 or later |
| Jazz Team Server | 7.0.1 | Download and install iFix017 or later |
| Jazz Team Server | 7.0.2 | Download and install iFix013 or later |
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | ibm_engineering_lifecycle_management_base | 6.0.6 | cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:6.0.6:*:*:*:*:*:*:* |
| ibm | ibm_engineering_lifecycle_management_base | 6.0.6.1 | cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:6.0.6.1:*:*:*:*:*:*:* |
| ibm | ibm_engineering_lifecycle_management_base | 7.0 | cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:7.0:*:*:*:*:*:*:* |
| ibm | ibm_engineering_lifecycle_management_base | 7.0.1 | cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:7.0.1:*:*:*:*:*:*:* |
| ibm | ibm_engineering_lifecycle_management_base | 7.0.2 | cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:7.0.2:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
12.6%