9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.5%
IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology may integrate with IBM WebSphere Application Server Liberty (WAS Liberty). Please review the following WAS Liberty Bulletins covering CVE-2021-39038, CVE-2021-23450 and take corrective actions.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Version(s) | Affected Product(s) |
---|---|
6.0.6, 6.0.6.1 | Collaborative Lifecycle Management (CLM) |
Global Configuration Management (GCM) | |
IBM Jazz Reporting Service (JRS) | |
Rational DOORS Next Generation (RDNG) | |
Rational Quality Manager (RQM) | |
Rational Team Concert (RTC) | |
7.0, 7.0.1, 7.0.2 | Engineering Lifecycle Management (ELM) |
IBM Engineering Requirements Management DOORS Next(DNG) | |
IBM Engineering Test Management (ETM) | |
IBM Engineering Workflow Management (EWM) | |
Global Configuration Management (GCM) | |
IBM Jazz Reporting Service (JRS) |
There are multiple vulnerabilities in IBM WebSphere Application Server Liberty which may be optionally installed with IBM Jazz Team Server-based products listed above. If you have installed IBM WebSphere Application Server Liberty review the links below and apply the following remediation guidance.
Start by reviewing the following Bulletins for upgrading Liberty to a Supported Version
Next, Review the following security bulletins to further patch your Liberty installation
WAS Liberty Security bulletins:
None
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.5%