Security Bulletin: Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products.

Summary

There are multiple vulnerabilities that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Workflow Management (EWM), IBM Engineering Systems Design Rhapsody, IBM Engineering Requirements Quality Assistant On-Premises.

Vulnerability Details

CVEID:CVE-2020-8908
**DESCRIPTION:**Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation vulnerability in com.google.common.io.Files.createTempDir(). By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192996 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2021-29786
**DESCRIPTION:**IBM Jazz Foundation stores user credentials in clear text which can be read by an authenticated user.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203172 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-29774
**DESCRIPTION:**IBM Engineering Requirements Quality Assistant could allow an authenticated user to obtain elevated privileges under certain configurations.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203025 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-29713
**DESCRIPTION:**IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200967 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2021-27219
**DESCRIPTION:**GNOME GLib could allow a remote attacker to cause a denial of service, caused by an integer overflow in the g_bytes_new function. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196782 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-29673
**DESCRIPTION:**IBM Engineering Workflow Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199482 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2018-1000632
**DESCRIPTION:**dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a specially-crafted XML content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148750 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2020-10683
**DESCRIPTION:**dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181356 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2021-29844
**DESCRIPTION:**IBM Engineering Requirements Management DOORS Next is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205205 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

For the 6.0.6 - 7.0.2 releases:

Upgrade to version 7.0.2 iFix005 or later

• IBM Engineering Lifecycle Management 7.0.2 iFix007
• IBM Engineering Requirements Management DOORS Next 7.0.2 iFix007
• IBM Engineering Test Management 7.0.2 iFix007
• IBM Engineering Workflow Management 7.0.2 iFix007
• IBM Engineering Lifecycle Optimization - Engineering Insights:_ _Upgrade to version 7.0.2 and install server from ELM 7.0.2 iFix007
• IBM Engineering Lifecycle Optimization - Publishing:_ _Upgrade to version 7.0.2 and install server from ELM 7.0.2 iFix007
• IBM Engineering Systems Design Rhapsody - Design Manager:_ _Upgrade to version 7.0.2 and install server from ELM 7.0.2 iFix007
• IBM Engineering Systems Design Rhapsody - Model Manager:_ _Upgrade to version 7.0.2 and install server from ELM 7.0.2 iFix007

Upgrade to version 7.0.1 iFix010 or later

• IBM Engineering Lifecycle Management 7.0.1 iFix012
• IBM Engineering Requirements Management DOORS Next 7.0.1 iFix012
• IBM Engineering Test Management 7.0.1 iFix012
• IBM Engineering Workflow Management 7.0.1 iFix012
• IBM Engineering Lifecycle Optimization - Engineering Insights:_ _Upgrade to version 7.0.1 and install server from ELM 7.0.1 iFix012
• IBM Engineering Lifecycle Optimization - Publishing:_ _Upgrade to version 7.0.1 and install server from ELM 7.0.1 iFix012
• IBM Engineering Systems Design Rhapsody - Design Manager:_ _Upgrade to version 7.0.1 and install server from ELM 7.0.1 iFix012
• IBM Engineering Systems Design Rhapsody - Model Manager:_ _Upgrade to version 7.0.1 and install server from ELM 7.0.1 iFix012

Upgrade to version 7.0 iFix010 or later

• IBM Engineering Lifecycle Management 7.0 iFix012
• IBM Engineering Requirements Management DOORS Next 7.0 iFix012
• IBM Engineering Test Management 7.0 iFix012
• IBM Engineering Workflow Management 7.0 iFix012
• IBM Engineering Lifecycle Optimization - Engineering Insights:_ _Upgrade to version 7.0 and install server from ELM 7.0 iFix012
• IBM Engineering Lifecycle Optimization - Publishing:_ _Upgrade to version 7.0 and install server from ELM 7.0 iFix012
• IBM Engineering Systems Design Rhapsody - Design Manager:_ _Upgrade to version 7.0 and install server from ELM 7.0 iFix012
• IBM Engineering Systems Design Rhapsody - Model Manager:_ _Upgrade to version 7.0 and install server from ELM 7.0 iFix012

Upgrade to version 6.0.6.1 iFix018 or later

• Rational Collaborative Lifecycle Management 6.0.6.1 iFix020
• Rational DOORS Next Generation 6.0.6.1 iFix020
• Rational Quality Manager 6.0.6.1 iFix020
• Rational Team Concert 6.0.6.1 iFix020
• Rational Engineering Lifecycle Manager:_ _Upgrade to version 6.0.6.1 and install server from CLM 6.0.6.1 iFix020
• Rational Publishing Engine:_ _Upgrade to version 6.0.6.1 and install server from CLM 6.0.6.1 iFix020
• Rational Rhapsody Design Manager:_ _Upgrade to version 6.0.6.1 and install server from CLM 6.0.6.1 iFix0202
• IBM Rhapsody Model Manager:_ _Upgrade to version 6.0.6.1 and install server from CLM 6.0.6.1 iFix020
• Rational Software Architect Design Manager:_ _Upgrade to version 6.0.6.1 and install server from CLM 6.0.6.1 iFix020

Upgrade to version 6.0.6 iFix022 or later

• Rational Collaborative Lifecycle Management 6.0.6 iFix023
• Rational DOORS Next Generation 6.0.6 iFix023
• Rational Quality Manager 6.0.6 iFix023
• Rational Team Concert 6.0.6 iFix023
• Rational Engineering Lifecycle Manager:_ _Upgrade to version 6.0.6 and install server from CLM 6.0.6 iFix023
• Rational Publishing Engine:_ _Upgrade to version 6.0.6 and install server from CLM 6.0.6 iFix023
• Rational Rhapsody Design Manager:_ _Upgrade to version 6.0.6 and install server from CLM 6.0.6 iFix023
• IBM Rhapsody Model Manager:_ _Upgrade to version 6.0.6 and install server from CLM 6.0.6 iFix023
• Rational Software Architect Design Manager:_ _Upgrade to version 6.0.6 and install server from CLM 6.0.6 iFix023

For IBM Engineering Requirements Quality Assistant On-Premises:

• Please follow the RQA Upgrade instructions.

For any prior versions of the products listed above, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

If the iFix is not found in the Fix Portal please contact IBM Support.

Workarounds and Mitigations

None