Lucene search

IBMB89FCDDCBC54FDFE276AC83C009742CA50449DB813ACE03283A052C8A1E34832

HistoryAug 29, 2024 - 6:50 a.m.

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 are affected by multiple vulnerabilities

2024-08-2906:50:24

www.ibm.com

ibm engineering lifecycle

ibm sdk

java technology edition

cve

oracle

critical patch update

jazz foundation

engineering insights

publishing

requirements management

doors next

workflow management

test management

global configuration management

jazz reporting service

security bulletin

remediation

ibm support pages.

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

17.7%

JSON

Summary

This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2024 Critical Patch Update, plus CVE-2024-27267. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Lifecycle Optimization - Engineering Insights, IBM Engineering Lifecycle Optimization - Publishing, IBM Engineering Requirements Management DOORS Next, Global Configuration Management, IBM Engineering Workflow Management, IBM Jazz Reporting Service, IBM Engineering Test Management

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
Jazz Foundation	7.0.2
IBM Engineering Requirements Management DOORS Next
IBM Engineering Workflow Management
IBM Engineering Test Management
IBM Engineering Lifecycle Optimization - Publishing
IBM Engineering Lifecycle Optimization - Engineering Insights
IBM Jazz Reporting Service
Global Configuration Management
Jazz Foundation	7.0.3
IBM Engineering Requirements Management DOORS Next
IBM Engineering Workflow Management
IBM Engineering Test Management
IBM Engineering Lifecycle Optimization - Publishing
IBM Engineering Lifecycle Optimization - Engineering Insights
IBM Jazz Reporting Service
Global Configuration Management

Remediation/Fixes

This vulnerability affects multiple IBM® Engineering Lifecycle Engineering products mentioned above, which uses IBM® SDK, Java™ Technology Edition.

If the Product is deployed on one of the above versions, Please follow the instruction given in the following article

Link - <https://www.ibm.com/support/pages/node/7165421>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmibm_engineering_lifecycle_management_baseMatch702

ibmibm_engineering_lifecycle_management_baseMatch703

VendorProductVersionCPE
ibmibm_engineering_lifecycle_management_base702cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:702:*:*:*:*:*:*:*
ibmibm_engineering_lifecycle_management_base703cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:703:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	ibm_engineering_lifecycle_management_base	702	cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:702:::::::*
ibm	ibm_engineering_lifecycle_management_base	703	cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:703:::::::*