Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9CCB5600307BC1696BC5DC8EA9108C2F7045544B7385B93BDFFC014D52FA1BBF
HistoryJul 18, 2023 - 7:23 a.m.

Security Bulletin: Vulnerability in Junit library affects IBM Engineering Test Management (ETM) ( CVE-2020-15250)

2023-07-1807:23:34
www.ibm.com
14

0.001 Low

EPSS

Percentile

28.6%

JSON

Summary

This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability.

Vulnerability Details

CVEID:CVE-2020-15250
**DESCRIPTION:**JUnit4 could allow a local attacker to obtain sensitive information, caused by a flaw in test rule TemporaryFolder. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189677 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
ETM 7.0.1
ETM 7.0.2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading and applying the suggested fix that uses upgraded version of Junit library.

Suggested :

Product(s)|**Version(s)
**|Remediation/Fix/Instructions
—|—|—
Engineering Test Management | 7.0.1|

Download and apply ETM 7.0.1 iFix22 from Fix Central here

Engineering Test Management | 7.0.2| Download and apply ETM 7.0.2 iFix23 from Fix Central here

Workarounds and Mitigations

None

Related

osv 4
nessus 7
cvelist 1
ubuntucve 1
openvas 7
ibm 9
alpinelinux 1
veracode 1
cve 1
mageia 1
debian 1
prion 1
ubuntu 1
redhatcve 1
rosalinux 1
debiancve 1
github 1
redhat 1
oracle 5
osv
osv
junit4 - security update
2020-11-01 00:00:00
junit4 vulnerability
2021-02-10 18:56:08
CVE-2020-15250
2020-10-12 18:15:13
nessus
nessus
EulerOS 2.0 SP3 : junit (EulerOS-SA-2021-1807)
2021-04-30 00:00:00
Debian DLA-2426-1 : junit4 security update
2020-11-02 00:00:00
EulerOS 2.0 SP2 : junit (EulerOS-SA-2021-2391)
2021-09-14 00:00:00
cvelist
cvelist
CVE-2020-15250 Information disclosure in JUnit4
2020-10-12 17:55:13
ubuntucve
ubuntucve
CVE-2020-15250
2020-10-12 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for junit (EulerOS-SA-2021-1878)
2021-05-19 00:00:00
Ubuntu: Security Advisory (USN-4731-1)
2021-02-11 00:00:00
Huawei EulerOS: Security Advisory for junit (EulerOS-SA-2021-2391)
2021-09-15 00:00:00
ibm
ibm
Security Bulletin: Addressing the Security vulnerability CVE-2020-15250 found in junit-4.10.jar and its previous versions as part of ITCAM for Transactions
2023-08-30 10:53:41
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure due to JUnit4 (CVE-2020-15250)
2022-10-18 18:36:14
Security Bulletin: IBM InfoSphere Identity Insight vulnerabilities in third party libraries (CVE-2021-39239, CVE-2022-23308, CVE-2021-29424, CVE-2020-15250, 177835)
2022-08-16 19:40:01
alpinelinux
alpinelinux
CVE-2020-15250
2020-10-12 18:15:00
veracode
veracode
Information Disclosure
2020-10-13 01:33:20
cve
cve
CVE-2020-15250
2020-10-12 18:15:00
mageia
mageia
Updated junit packages fix a security vulnerability
2020-11-08 17:14:27
debian
debian
[SECURITY] [DLA 2426-1] junit4 security update
2020-11-01 17:12:42
prion
prion
Information disclosure
2020-10-12 18:15:00
ubuntu
ubuntu
JUnit 4 vulnerability
2021-02-10 00:00:00
redhatcve
redhatcve
CVE-2020-15250
2020-10-13 20:15:34
rosalinux
rosalinux
Advisory ROSA-SA-2021-1857
2021-07-02 17:07:48
debiancve
debiancve
CVE-2020-15250
2020-10-12 18:15:00
github
github
TemporaryFolder on unix-like systems does not limit access to created files
2020-10-12 17:33:00
redhat
redhat
(RHSA-2022:5532) Important: Red Hat Fuse 7.11.0 release and security update
2022-07-07 14:16:35
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00

0.001 Low

EPSS

Percentile

28.6%

JSON
Related for 9CCB5600307BC1696BC5DC8EA9108C2F7045544B7385B93BDFFC014D52FA1BBF
osv4nessus7cvelist1ubuntucve1openvas7ibm9alpinelinux1veracode1cve1mageia1debian1prion1ubuntu1redhatcve1rosalinux1debiancve1github1redhat1oracle5