Security Bulletin: Vulnerabilities (CVE-2021-39038, CVE-2021-23450) in IBM WebSphere Application Server may impact IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology

2022-04-0619:41:01

www.ibm.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.5%

JSON

Summary

IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology may integrate with IBM WebSphere Application Server (WAS). Please review the following WAS Bulletins (CVE-2021-39038, CVE-2021-23450) and take corrective actions.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Version(s)	Affected Product(s)
6.0.6, 6.0.6.1	Collaborative Lifecycle Management (CLM)
Global Configuration Management (GCM)
IBM Jazz Reporting Service (JRS)
Rational DOORS Next Generation (RDNG)
Rational Quality Manager (RQM)
Rational Team Concert (RTC)
7.0, 7.0.1, 7.0.2	Engineering Lifecycle Management (ELM)
IBM Engineering Requirements Management DOORS Next(DNG)
IBM Engineering Test Management (ETM)
IBM Engineering Workflow Management (EWM)
Global Configuration Management (GCM)
IBM Jazz Reporting Service (JRS)

Remediation/Fixes

If you have integrated IBM Jazz Team Server-based products listed above with IBM WebSphere Application Server (WAS). Review the following links and apply the remediation guidance appropriate for your server version affected (see the links for specific version information).

Workarounds and Mitigations

None

CPENameOperatorVersion
rational doors next generationeq6.0.6
rational doors next generationeq7.0.2
rational quality managereq6.0.6
rational quality managereq7.0.2
rational collaborative lifecycle managementeq6.0.6
rational collaborative lifecycle managementeq7.0.2
rational team concerteq6.0.6
rational team concerteq7.0.2
rational rhapsody design managereq6.0.6
rational rhapsody design managereq7.0.2

Name	Operator	Version
rational doors next generation	eq	6.0.6
rational doors next generation	eq	7.0.2
rational quality manager	eq	6.0.6
rational quality manager	eq	7.0.2
rational collaborative lifecycle management	eq	6.0.6
rational collaborative lifecycle management	eq	7.0.2
rational team concert	eq	6.0.6
rational team concert	eq	7.0.2
rational rhapsody design manager	eq	6.0.6
rational rhapsody design manager	eq	7.0.2