Lucene search

IBM97CDC805F58A9B1C47D1FD84E32A701014B49D66DDD17B2EC600FE00B246D4A3

HistoryAug 12, 2020 - 2:03 p.m.

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Appilcation Server and WebSphere Application Server Liberty affects IBM Engineering ELM products on IBM Jazz technology.

2020-08-1214:03:54

www.ibm.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

There are multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty that affect IBM Engineering Products based on IBM Jazz technology.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
RQM	6.0.6.1
RQM	6.0.6
ETM	7.0.0
RQM	6.0.2
Rhapsody DM	6.0.6
Rhapsody DM	6.0.6.1
Rhapsody DM	6.0.2
RDM	7.0
RTC	6.0.2
RTC	6.0.6.1
EWM	7.0
RTC	6.0.6

Remediation/Fixes

The IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version, some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published.

For ELM applications version 6.0 to 7.0 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:

Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450)

Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)

Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)

Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)

Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534)

Workarounds and Mitigations

None

CPENameOperatorVersion
rational rhapsody design managereq6.0
rational rhapsody design managereq7.0
rational quality managereq6.0
rational quality managereq7.0
rational team concerteq6.0
rational team concerteq7.0
rational collaborative lifecycle managementeq6.0
rational collaborative lifecycle managementeq7.0

Name	Operator	Version
rational rhapsody design manager	eq	6.0
rational rhapsody design manager	eq	7.0
rational quality manager	eq	6.0
rational quality manager	eq	7.0
rational team concert	eq	6.0
rational team concert	eq	7.0
rational collaborative lifecycle management	eq	6.0
rational collaborative lifecycle management	eq	7.0

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for 97CDC805F58A9B1C47D1FD84E32A701014B49D66DDD17B2EC600FE00B246D4A3