7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
55.3%
There is a vulnerability CVE-2021-4044 which affects Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM).
CVEID:CVE-2021-4044
**DESCRIPTION:**OpenSSL could allow a remote attacker to bypass security restrictions, caused by invalid handling of X509_verify_cert() internal errors in libssl. By using a specially crafted certificate chain an attacker could induce incorrect, application dependent behaviour and cause a crash or infinite loop.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215348 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H)
Affected Product(s) | Version(s) |
---|---|
EWM | 7.0.2 |
EWM | 7.0.1 |
RTC | 6.0.6.1 |
EWM | 7.0 |
RTC | 6.0.6 |
For the 6.0.6 - 7.0.2 releases:
Upgrade to version 7.0.2 iFix013 or later
IBM Engineering Lifecycle Management 7.0.2 iFix013
IBM Engineering Workflow Management 7.0.2 iFix013
Upgrade to version 7.0.1 iFix017 or later
IBM Engineering Lifecycle Management 7.0.1 iFix017
IBM Engineering Workflow Management 7.0.1 iFix017
Upgrade to version 7.0 iFix015 or later
IBM Engineering Lifecycle Management 7.0 iFix015
IBM Engineering Workflow Management 7.0 iFix015
Upgrade to version 6.0.6.1 iFix025 or later
Rational Collaborative Lifecycle Management 6.0.6.1 iFix025
Rational Team Concert 6.0.6.1 iFix025
Upgrade to version 6.0.6 iFix026 or later
Rational Collaborative Lifecycle Management 6.0.6 iFix026
Rational Team Concert 6.0.6 iFix026
None
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
55.3%