Lucene search

[email protected]NVD:CVE-2020-4495

HistoryJun 02, 2021 - 9:15 p.m.

CVE-2020-4495

2021-06-0221:15:07

[email protected]

web.nvd.nist.gov

ibm

jazz foundation

engineering

security restrictions

access control

remote attacker

rest api

vulnerability

administrative privileges

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.8%

JSON

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.

Affected configurations

Nvd

Node

ibmcollaborative_lifecycle_managementMatch6.0.6

ibmcollaborative_lifecycle_managementMatch6.0.6.1

ibmengineering_lifecycle_managementMatch7.0

ibmengineering_lifecycle_managementMatch7.0.1

ibmengineering_lifecycle_managementMatch7.0.2

ibmengineering_lifecycle_optimization_-_engineering_insightsMatch7.0

ibmengineering_lifecycle_optimization_-_engineering_insightsMatch7.0.1

ibmengineering_lifecycle_optimization_-_engineering_insightsMatch7.0.2

ibmengineering_lifecycle_optimization_-_publishingMatch7.0

ibmengineering_lifecycle_optimization_-_publishingMatch7.0.1

ibmengineering_lifecycle_optimization_-_publishingMatch7.0.2

ibmengineering_test_managementMatch7.0.0

ibmengineering_test_managementMatch7.0.1

ibmrational_doors_next_generationMatch6.0.6

ibmrational_doors_next_generationMatch6.0.6.1

ibmrational_doors_next_generationMatch7.0

ibmrational_doors_next_generationMatch7.0.1

ibmrational_doors_next_generationMatch7.0.2

ibmrational_engineering_lifecycle_managerMatch6.0.6

ibmrational_engineering_lifecycle_managerMatch6.0.6.1

ibmrational_quality_managerMatch6.0.6

ibmrational_quality_managerMatch6.0.6.1

ibmremovable_media_managerMatch6.0.6

ibmremovable_media_managerMatch6.0.6.1

ibmremovable_media_managerMatch7.0

VendorProductVersionCPE
ibmcollaborative_lifecycle_management6.0.6cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*
ibmcollaborative_lifecycle_management6.0.6.1cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*
ibmengineering_lifecycle_management7.0cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*
ibmengineering_lifecycle_management7.0.1cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*
ibmengineering_lifecycle_management7.0.2cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*
ibmengineering_lifecycle_optimization_-_engineering_insights7.0cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*
ibmengineering_lifecycle_optimization_-_engineering_insights7.0.1cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*
ibmengineering_lifecycle_optimization_-_engineering_insights7.0.2cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*
ibmengineering_lifecycle_optimization_-_publishing7.0cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*
ibmengineering_lifecycle_optimization_-_publishing7.0.1cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	collaborative_lifecycle_management	6.0.6	cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:::::::*
ibm	collaborative_lifecycle_management	6.0.6.1	cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:::::::*
ibm	engineering_lifecycle_management	7.0	cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:::::::*
ibm	engineering_lifecycle_management	7.0.1	cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:::::::*
ibm	engineering_lifecycle_management	7.0.2	cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:::::::*
ibm	engineering_lifecycle_optimization_-_engineering_insights	7.0	cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:::::::*
ibm	engineering_lifecycle_optimization_-_engineering_insights	7.0.1	cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:::::::*
ibm	engineering_lifecycle_optimization_-_engineering_insights	7.0.2	cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:::::::*
ibm	engineering_lifecycle_optimization_-_publishing	7.0	cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:::::::*
ibm	engineering_lifecycle_optimization_-_publishing	7.0.1	cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:::::::*

Rows per page:

1-10 of 251

References

exchange.xforce.ibmcloud.com/vulnerabilities/182114

www.ibm.com/support/pages/node/6457739

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.8%

JSON

Related for NVD:CVE-2020-4495

cve1 prion1 cvelist1 ibm1