Lucene search

IBM4F83B26494F5C02A937F66487471A788F350B0FE1D9EABC80254DB502CA97A51

HistoryNov 12, 2020 - 3:45 p.m.

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Appilcation Server and WebSphere Application Server Liberty affects IBM Engineering ELM products based on IBM Jazz technology.

2020-11-1215:45:10

www.ibm.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

There are multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty that affect IBM Engineering Products based on IBM Jazz technology.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
RQM	6.0.6.1
RQM	6.0.6
ETM	7.0.0
RQM	6.0.2
ETM	7.0.1
Rhapsody DM	6.0.6
Rhapsody DM	6.0.6.1
Rhapsody DM	6.0.2
RDM	7.0
RDM	7.0.1
RTC	6.0.2
RTC	6.0.6.1
EWM	7.0
RTC	6.0.6
EWM	7.0.1
CLM	6.0.2
CLM	6.0.6
CLM	6.0.6.1
ELM	7.0
ELM	7.0.1
RDNG	6.0.2
RDNG	6.0.6
RDNG	6.0.6.1
DOORS Next	7.0
DOORS Next	7.0.1

Remediation/Fixes

The IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version, some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published.

For ELM applications version 6.0 to 7.0.2 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:

Security Bulletin: WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4576)

Security Bulletin: WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4629)

Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643)

Security Bulletin: Denial of service vulnerability in WebSphere Application Server Liberty (CVE-2020-4590)

Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575)

Security Bulletin: WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578)

Security Bulletin: Vulnerability in Hibernate Validator affects WebSphere Application Server Liberty (CVE-2020-10693)

Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)

Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589)

Security Bulletin: WebSphere Application Server Admin Console is vulnerable to a directory traversal vulnerability (CVE-2020-4782)

Workarounds and Mitigations

None

CPENameOperatorVersion
rational software architect design managereq6.0.2
rational software architect design managereq7.0.2
rational collaborative lifecycle managementeq6.0.2
rational collaborative lifecycle managementeq7.0.2
rational team concerteq6.0.2
rational team concerteq7.0.2
rational quality managereq6.0.2
rational quality managereq7.0.2
rational doors next generationeq6.0.2
rational doors next generationeq7.0.2

Name	Operator	Version
rational software architect design manager	eq	6.0.2
rational software architect design manager	eq	7.0.2
rational collaborative lifecycle management	eq	6.0.2
rational collaborative lifecycle management	eq	7.0.2
rational team concert	eq	6.0.2
rational team concert	eq	7.0.2
rational quality manager	eq	6.0.2
rational quality manager	eq	7.0.2
rational doors next generation	eq	6.0.2
rational doors next generation	eq	7.0.2