Lucene search

K
ibmIBMD00CE0285A4F7F2D040FEB9E42204B251DB78A299D7FFC4E7348291016376C6E
HistoryJun 01, 2020 - 9:25 p.m.

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affects IBM Engineering ELM products on IBM Jazz technology.

2020-06-0121:25:46
www.ibm.com
15

EPSS

0.001

Percentile

39.9%

Summary

There are multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty that affect IBM Engineering Products based on IBM Jazz technology.

Vulnerability Details

Refer to the security bulletins(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
CLM 6.0.6.1
CLM 6.0.6
CLM 6.0.2
ELM 7.0
Rhapsody DM 6.0.6
Rhapsody DM 6.0.6.1
Rhapsody DM 6.0.2
RDM 7.0
DNG 6.0.6
DNG 6.0.6.1
DNG 6.0.2
DOORS Next 7.0
RTC 6.0.2
RTC 6.0.6.1
EWM 7.0
RTC 6.0.6
RQM 6.0.6.1
RQM 6.0.6
ETM 7.0.0
RQM 6.0.2

Remediation/Fixes

The IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version, some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published.

For ELM applications version 6.0 to 7.0 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:

Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)

Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)

Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2020-4421)

Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)

Workarounds and Mitigations

None

EPSS

0.001

Percentile

39.9%

Related for D00CE0285A4F7F2D040FEB9E42204B251DB78A299D7FFC4E7348291016376C6E