Vulnerabilites related to ibm - engineering_workflow_management
CVE-2020-4964 (GCVE-0-2020-4964)
Vulnerability from cvelistv5
Published
2021-04-12 18:00
Modified
2024-09-16 19:09
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Data Manipulation
Summary
IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.
References
Impacted products
Vendor Product Version
IBM Rational Rhapsody Model Manager Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 6.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6441803"
          },
          {
            "name": "ibm-jazz-cve20204964-phishing (192419)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192419"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/I:L/C:N/A:N/UI:N/S:U/AV:N/AC:L/PR:L/RL:O/E:U/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Data Manipulation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T18:00:23",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6441803"
        },
        {
          "name": "ibm-jazz-cve20204964-phishing (192419)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192419"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-04-09T00:00:00",
          "ID": "CVE-2020-4964",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "L",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Data Manipulation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6441803",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6441803 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6441803"
            },
            {
              "name": "ibm-jazz-cve20204964-phishing (192419)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192419"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4964",
    "datePublished": "2021-04-12T18:00:23.918366Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T19:09:59.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20447 (GCVE-0-2021-20447)
Vulnerability from cvelistv5
Published
2021-03-30 16:45
Modified
2024-09-16 22:40
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623.
References
Impacted products
Vendor Product Version
IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:24.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6437579"
          },
          {
            "name": "ibm-engineering-cve202120447-xss (196623)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196623"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/C:L/UI:R/AV:N/I:L/S:C/PR:L/A:N/AC:L/E:H/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-30T16:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6437579"
        },
        {
          "name": "ibm-engineering-cve202120447-xss (196623)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196623"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-03-29T00:00:00",
          "ID": "CVE-2021-20447",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6437579",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6437579 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6437579"
            },
            {
              "name": "ibm-engineering-cve202120447-xss (196623)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196623"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20447",
    "datePublished": "2021-03-30T16:45:30.002231Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-16T22:40:57.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29786 (GCVE-0-2021-29786)
Vulnerability from cvelistv5
Published
2021-10-27 16:00
Modified
2024-09-16 19:31
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.
References
Impacted products
Vendor Product Version
IBM Engineering Lifecycle Optimization Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:18:02.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6508583"
          },
          {
            "name": "ibm-jazz-cve202129786-info-disc (203172)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203172"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2021-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/C:H/I:N/S:U/PR:L/AV:N/UI:N/AC:L/A:N/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T16:00:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6508583"
        },
        {
          "name": "ibm-jazz-cve202129786-info-disc (203172)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203172"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-10-25T00:00:00",
          "ID": "CVE-2021-29786",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6508583",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6508583"
            },
            {
              "name": "ibm-jazz-cve202129786-info-disc (203172)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203172"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-29786",
    "datePublished": "2021-10-27T16:00:29.665687Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-09-16T19:31:21.815Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20506 (GCVE-0-2021-20506)
Vulnerability from cvelistv5
Published
2021-03-30 16:45
Modified
2024-09-16 19:25
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.
References
Impacted products
Vendor Product Version
IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.305Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6437579"
          },
          {
            "name": "ibm-engineering-cve202120506-xss (198233)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198233"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/C:L/AV:N/I:L/A:N/AC:L/S:C/PR:L/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-30T16:45:32",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6437579"
        },
        {
          "name": "ibm-engineering-cve202120506-xss (198233)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198233"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-03-29T00:00:00",
          "ID": "CVE-2021-20506",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6437579",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6437579 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6437579"
            },
            {
              "name": "ibm-engineering-cve202120506-xss (198233)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198233"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20506",
    "datePublished": "2021-03-30T16:45:32.794674Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-16T19:25:24.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20518 (GCVE-0-2021-20518)
Vulnerability from cvelistv5
Published
2021-03-30 16:45
Modified
2024-09-17 00:06
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437.
References
Impacted products
Vendor Product Version
IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6437579"
          },
          {
            "name": "ibm-engineering-cve202120518-xss (198437)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198437"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:L/A:N/S:C/PR:L/I:L/UI:R/C:L/AV:N/E:U/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-30T16:45:33",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6437579"
        },
        {
          "name": "ibm-engineering-cve202120518-xss (198437)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198437"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-03-29T00:00:00",
          "ID": "CVE-2021-20518",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6437579",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6437579 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6437579"
            },
            {
              "name": "ibm-engineering-cve202120518-xss (198437)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198437"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20518",
    "datePublished": "2021-03-30T16:45:33.454159Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-17T00:06:10.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20504 (GCVE-0-2021-20504)
Vulnerability from cvelistv5
Published
2021-03-30 16:45
Modified
2024-09-17 00:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.488Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6437579"
          },
          {
            "name": "ibm-engineering-cve202120504-xss (198231)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198231"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/I:L/AV:N/UI:R/C:L/PR:L/S:C/AC:L/A:N/RC:C/E:H/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-30T16:45:32",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6437579"
        },
        {
          "name": "ibm-engineering-cve202120504-xss (198231)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198231"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-03-29T00:00:00",
          "ID": "CVE-2021-20504",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6437579",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6437579 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6437579"
            },
            {
              "name": "ibm-engineering-cve202120504-xss (198231)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198231"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20504",
    "datePublished": "2021-03-30T16:45:32.118822Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-17T00:46:59.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-5004 (GCVE-0-2020-5004)
Vulnerability from cvelistv5
Published
2021-07-28 12:25
Modified
2024-09-16 17:44
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:08.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6475919"
          },
          {
            "name": "ibm-jazz-cve20205004-xss (192957)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/PR:L/AV:N/A:N/UI:R/C:L/AC:L/S:C/I:L/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-28T12:25:12",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6475919"
        },
        {
          "name": "ibm-jazz-cve20205004-xss (192957)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-07-27T00:00:00",
          "ID": "CVE-2020-5004",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6475919",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6475919"
            },
            {
              "name": "ibm-jazz-cve20205004-xss (192957)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-5004",
    "datePublished": "2021-07-28T12:25:13.063011Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T17:44:16.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4975 (GCVE-0-2020-4975)
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-16 21:07
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.260Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6417585"
          },
          {
            "name": "ibm-jazz-cve20204975-xss (192435)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192435"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/PR:L/S:C/A:N/AC:L/AV:N/UI:R/I:L/C:L/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-04T19:05:42",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6417585"
        },
        {
          "name": "ibm-jazz-cve20204975-xss (192435)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192435"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-02-26T00:00:00",
          "ID": "CVE-2020-4975",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6417585",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6417585 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6417585"
            },
            {
              "name": "ibm-jazz-cve20204975-xss (192435)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192435"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4975",
    "datePublished": "2021-03-04T19:05:42.516646Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T21:07:17.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4856 (GCVE-0-2020-4856)
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-16 19:40
Severity ?
6.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.021Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6417585"
          },
          {
            "name": "ibm-engineering-cve20204856-xss (190459)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190459"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 6.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/PR:L/A:N/S:C/AC:L/AV:N/UI:N/C:L/I:L/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-04T19:05:39",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6417585"
        },
        {
          "name": "ibm-engineering-cve20204856-xss (190459)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190459"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-02-26T00:00:00",
          "ID": "CVE-2020-4856",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6417585",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6417585 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6417585"
            },
            {
              "name": "ibm-engineering-cve20204856-xss (190459)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190459"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4856",
    "datePublished": "2021-03-04T19:05:39.571133Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T19:40:54.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20519 (GCVE-0-2021-20519)
Vulnerability from cvelistv5
Published
2021-04-12 18:00
Modified
2024-09-16 22:24
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Rhapsody Model Manager Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 6.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6441803"
          },
          {
            "name": "ibm-engineering-cve202120519-xss (198441)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198441"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/I:L/C:L/A:N/AC:L/S:C/AV:N/UI:R/PR:L/E:H/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T18:00:25",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6441803"
        },
        {
          "name": "ibm-engineering-cve202120519-xss (198441)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198441"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-04-09T00:00:00",
          "ID": "CVE-2021-20519",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6441803",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6441803 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6441803"
            },
            {
              "name": "ibm-engineering-cve202120519-xss (198441)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198441"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20519",
    "datePublished": "2021-04-12T18:00:25.456334Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-16T22:24:46.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4487 (GCVE-0-2020-4487)
Vulnerability from cvelistv5
Published
2021-01-08 20:40
Modified
2024-09-16 18:50
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862.
References
Impacted products
Vendor Product Version
IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Rhapsody Model Manager Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 6.0.2
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:48.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6398742"
          },
          {
            "name": "ibm-jazz-cve20204487-info-disc (181862)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/PR:L/A:N/S:U/C:L/AC:L/UI:N/AV:N/I:N/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-08T20:40:22",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6398742"
        },
        {
          "name": "ibm-jazz-cve20204487-info-disc (181862)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-07T00:00:00",
          "ID": "CVE-2020-4487",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6398742",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6398742"
            },
            {
              "name": "ibm-jazz-cve20204487-info-disc (181862)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4487",
    "datePublished": "2021-01-08T20:40:22.413554Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T18:50:20.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4697 (GCVE-0-2020-4697)
Vulnerability from cvelistv5
Published
2021-01-08 20:40
Modified
2024-09-17 03:34
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Rhapsody Model Manager Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 6.0.2
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:57.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6398742"
          },
          {
            "name": "ibm-jazz-cve20204697-xss (186790)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/I:L/C:L/AC:L/UI:R/A:N/S:C/PR:L/RC:C/E:H/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-08T20:40:24",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6398742"
        },
        {
          "name": "ibm-jazz-cve20204697-xss (186790)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-07T00:00:00",
          "ID": "CVE-2020-4697",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6398742",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6398742"
            },
            {
              "name": "ibm-jazz-cve20204697-xss (186790)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4697",
    "datePublished": "2021-01-08T20:40:24.603243Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T03:34:13.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20357 (GCVE-0-2021-20357)
Vulnerability from cvelistv5
Published
2021-01-27 16:15
Modified
2024-09-16 22:41
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
References
Impacted products
Vendor Product Version
IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:24.055Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6408694"
          },
          {
            "name": "ibm-gcm-cve202120357-xss (194963)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2021-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/PR:L/C:L/AV:N/AC:L/S:C/A:N/UI:R/I:L/RL:O/RC:C/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-27T16:15:28",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6408694"
        },
        {
          "name": "ibm-gcm-cve202120357-xss (194963)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-26T00:00:00",
          "ID": "CVE-2021-20357",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6408694",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-gcm-cve202120357-xss (194963)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20357",
    "datePublished": "2021-01-27T16:15:28.467865Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-16T22:41:31.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20503 (GCVE-0-2021-20503)
Vulnerability from cvelistv5
Published
2021-03-30 16:45
Modified
2024-09-17 04:09
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6437579"
          },
          {
            "name": "ibm-engineering-cve202120503-xss (198182)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198182"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/I:L/C:L/UI:R/AV:N/AC:L/A:N/S:C/PR:L/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-30T16:45:31",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6437579"
        },
        {
          "name": "ibm-engineering-cve202120503-xss (198182)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198182"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-03-29T00:00:00",
          "ID": "CVE-2021-20503",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6437579",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6437579 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6437579"
            },
            {
              "name": "ibm-engineering-cve202120503-xss (198182)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198182"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20503",
    "datePublished": "2021-03-30T16:45:31.424642Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-17T04:09:00.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20350 (GCVE-0-2021-20350)
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-16 17:28
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:23.926Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6417585"
          },
          {
            "name": "ibm-engineering-cve202120350-xss (194707)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194707"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/C:L/I:L/UI:R/A:N/S:C/PR:L/AC:L/RC:C/E:H/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-04T19:05:43",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6417585"
        },
        {
          "name": "ibm-engineering-cve202120350-xss (194707)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194707"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-02-26T00:00:00",
          "ID": "CVE-2021-20350",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6417585",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6417585 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6417585"
            },
            {
              "name": "ibm-engineering-cve202120350-xss (194707)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194707"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20350",
    "datePublished": "2021-03-04T19:05:43.976267Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-16T17:28:43.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29673 (GCVE-0-2021-29673)
Vulnerability from cvelistv5
Published
2021-10-27 16:00
Modified
2024-09-17 00:45
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:11:06.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6508583"
          },
          {
            "name": "ibm-engineering-cve202129673-xss (199482)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199482"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/AC:L/A:N/PR:L/AV:N/C:L/I:L/S:C/RC:C/RL:O/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T16:00:24",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6508583"
        },
        {
          "name": "ibm-engineering-cve202129673-xss (199482)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199482"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-10-25T00:00:00",
          "ID": "CVE-2021-29673",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6508583",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6508583"
            },
            {
              "name": "ibm-engineering-cve202129673-xss (199482)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199482"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-29673",
    "datePublished": "2021-10-27T16:00:24.866700Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-09-17T00:45:51.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4920 (GCVE-0-2020-4920)
Vulnerability from cvelistv5
Published
2021-04-12 18:00
Modified
2024-09-16 18:49
Severity ?
6.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.
References
Impacted products
Vendor Product Version
IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Rhapsody Model Manager Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 6.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6441803"
          },
          {
            "name": "ibm-engineering-cve20204920-xss (191396)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191396"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 6.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/C:L/I:L/PR:L/S:C/AC:L/AV:N/UI:N/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T18:00:22",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6441803"
        },
        {
          "name": "ibm-engineering-cve20204920-xss (191396)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191396"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-04-09T00:00:00",
          "ID": "CVE-2020-4920",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6441803",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6441803 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6441803"
            },
            {
              "name": "ibm-engineering-cve20204920-xss (191396)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191396"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4920",
    "datePublished": "2021-04-12T18:00:23.065458Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T18:49:15.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4974 (GCVE-0-2020-4974)
Vulnerability from cvelistv5
Published
2021-07-28 12:25
Modified
2024-09-17 01:41
Severity ?
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
CWE
  • Gain Access
Summary
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
References
Impacted products
Vendor Product Version
IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.404Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6475919"
          },
          {
            "name": "ibm-jazz-cve20204974-ssrf (192434)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:L/UI:N/C:L/AV:N/PR:L/I:L/AC:L/S:U/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-28T12:25:11",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6475919"
        },
        {
          "name": "ibm-jazz-cve20204974-ssrf (192434)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-07-27T00:00:00",
          "ID": "CVE-2020-4974",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6475919",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6475919"
            },
            {
              "name": "ibm-jazz-cve20204974-ssrf (192434)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4974",
    "datePublished": "2021-07-28T12:25:11.431091Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T01:41:02.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4855 (GCVE-0-2020-4855)
Vulnerability from cvelistv5
Published
2021-01-27 16:15
Modified
2024-09-17 01:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.117Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6408694"
          },
          {
            "name": "ibm-engineering-cve20204855-xss (190457)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:L/A:N/UI:R/S:C/I:L/PR:L/C:L/AV:N/RC:C/RL:O/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-27T16:15:27",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6408694"
        },
        {
          "name": "ibm-engineering-cve20204855-xss (190457)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-26T00:00:00",
          "ID": "CVE-2020-4855",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6408694",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-engineering-cve20204855-xss (190457)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4855",
    "datePublished": "2021-01-27T16:15:27.177472Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T01:46:27.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4865 (GCVE-0-2020-4865)
Vulnerability from cvelistv5
Published
2021-01-27 16:15
Modified
2024-09-16 20:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.
References
Impacted products
Vendor Product Version
IBM Engineering Lifecycle Optimization Version: 7.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6408694"
          },
          {
            "name": "ibm-engineering-cve20204865-xss (190741)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/PR:L/C:L/I:L/AC:L/S:C/UI:R/A:N/RL:O/RC:C/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-27T16:15:27",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6408694"
        },
        {
          "name": "ibm-engineering-cve20204865-xss (190741)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-26T00:00:00",
          "ID": "CVE-2020-4865",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6408694",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-engineering-cve20204865-xss (190741)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4865",
    "datePublished": "2021-01-27T16:15:27.819250Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T20:21:28.445Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4863 (GCVE-0-2020-4863)
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-16 18:34
Severity ?
6.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.185Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6417585"
          },
          {
            "name": "ibm-engineering-cve20204863-xss (190566)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190566"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 6.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/UI:N/I:L/C:L/AV:N/AC:L/PR:L/S:C/A:N/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-04T19:05:40",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6417585"
        },
        {
          "name": "ibm-engineering-cve20204863-xss (190566)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190566"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-02-26T00:00:00",
          "ID": "CVE-2020-4863",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6417585",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6417585 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6417585"
            },
            {
              "name": "ibm-engineering-cve20204863-xss (190566)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190566"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4863",
    "datePublished": "2021-03-04T19:05:41.061621Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T18:34:09.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4546 (GCVE-0-2020-4546)
Vulnerability from cvelistv5
Published
2020-09-02 18:25
Modified
2024-09-16 16:29
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:48.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6325343"
          },
          {
            "name": "ibm-ewm-cve20204546-xss (183314)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183314"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2020-09-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/PR:L/A:N/I:L/AC:L/S:C/AV:N/C:L/RC:C/E:H/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-02T18:25:25",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6325343"
        },
        {
          "name": "ibm-ewm-cve20204546-xss (183314)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183314"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-09-01T00:00:00",
          "ID": "CVE-2020-4546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6325343",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6325343 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6325343"
            },
            {
              "name": "ibm-ewm-cve20204546-xss (183314)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183314"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4546",
    "datePublished": "2020-09-02T18:25:25.260434Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T16:29:04.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4857 (GCVE-0-2020-4857)
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-17 03:43
Severity ?
6.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6417585"
          },
          {
            "name": "ibm-engineering-cve20204857-xss (190460)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190460"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 6.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/PR:L/A:N/S:C/AC:L/AV:N/UI:N/C:L/I:L/RC:C/E:H/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-04T19:05:40",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6417585"
        },
        {
          "name": "ibm-engineering-cve20204857-xss (190460)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190460"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-02-26T00:00:00",
          "ID": "CVE-2020-4857",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6417585",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6417585 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6417585"
            },
            {
              "name": "ibm-engineering-cve20204857-xss (190460)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190460"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4857",
    "datePublished": "2021-03-04T19:05:40.309975Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T03:43:11.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4748 (GCVE-0-2019-4748)
Vulnerability from cvelistv5
Published
2020-07-16 15:05
Modified
2024-09-17 00:40
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174.
References
Impacted products
Vendor Product Version
IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:48.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6249133"
          },
          {
            "name": "ibm-jazz-cve20194748-xss (173174)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2020-07-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/PR:L/UI:R/C:L/I:L/AC:L/S:C/A:N/E:H/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T15:05:34",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6249133"
        },
        {
          "name": "ibm-jazz-cve20194748-xss (173174)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-07-15T00:00:00",
          "ID": "CVE-2019-4748",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6249133",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6249133 (Rational Collaborative Lifecycle Management)",
              "url": "https://www.ibm.com/support/pages/node/6249133"
            },
            {
              "name": "ibm-jazz-cve20194748-xss (173174)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4748",
    "datePublished": "2020-07-16T15:05:34.858701Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T00:40:48.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4733 (GCVE-0-2020-4733)
Vulnerability from cvelistv5
Published
2021-01-08 20:40
Modified
2024-09-17 00:25
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Rhapsody Model Manager Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 6.0.2
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.102Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6398742"
          },
          {
            "name": "ibm-jazz-cve20204733-xss (188127)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/PR:L/A:N/S:C/AC:L/UI:R/C:L/I:L/AV:N/RL:O/RC:C/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-08T20:40:25",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6398742"
        },
        {
          "name": "ibm-jazz-cve20204733-xss (188127)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-07T00:00:00",
          "ID": "CVE-2020-4733",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6398742",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6398742"
            },
            {
              "name": "ibm-jazz-cve20204733-xss (188127)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4733",
    "datePublished": "2021-01-08T20:40:25.291517Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T00:25:50.346Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4965 (GCVE-0-2020-4965)
Vulnerability from cvelistv5
Published
2021-04-12 18:00
Modified
2024-09-16 21:07
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.
References
Impacted products
Vendor Product Version
IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Rhapsody Model Manager Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 6.0.2
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6441803"
          },
          {
            "name": "ibm-jazz-cve20204965-info-disc (192422)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192422"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/C:H/I:N/A:N/UI:N/S:U/AC:H/AV:N/PR:N/RL:O/E:U/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T18:00:24",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6441803"
        },
        {
          "name": "ibm-jazz-cve20204965-info-disc (192422)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192422"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-04-09T00:00:00",
          "ID": "CVE-2020-4965",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6441803",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6441803 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6441803"
            },
            {
              "name": "ibm-jazz-cve20204965-info-disc (192422)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192422"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4965",
    "datePublished": "2021-04-12T18:00:24.743638Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T21:07:23.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20352 (GCVE-0-2021-20352)
Vulnerability from cvelistv5
Published
2021-03-30 16:45
Modified
2024-09-16 22:24
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:23.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6437579"
          },
          {
            "name": "ibm-engineering-cve202120352-xss (194710)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194710"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:L/A:N/PR:L/S:C/I:L/AV:N/C:L/UI:R/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-30T16:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6437579"
        },
        {
          "name": "ibm-engineering-cve202120352-xss (194710)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194710"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-03-29T00:00:00",
          "ID": "CVE-2021-20352",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6437579",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6437579 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6437579"
            },
            {
              "name": "ibm-engineering-cve202120352-xss (194710)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194710"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20352",
    "datePublished": "2021-03-30T16:45:29.336671Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-16T22:24:39.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-28793 (GCVE-0-2024-28793)
Vulnerability from cvelistv5
Published
2024-05-28 12:00
Modified
2025-02-13 17:47
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286830.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0.2, 7.0.3
    cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28793",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T14:38:41.003485Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:54.573Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:56:58.064Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7154955"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286830"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/24/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.2, 7.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  286830."
            }
          ],
          "value": "IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  286830."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T18:08:21.281Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7154955"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286830"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/05/24/2"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Engineering Workflow Management cross-site scripting",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-28793",
    "datePublished": "2024-05-28T12:00:47.899Z",
    "dateReserved": "2024-03-10T12:23:33.662Z",
    "dateUpdated": "2025-02-13T17:47:31.719Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20340 (GCVE-0-2021-20340)
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-16 19:35
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451.
References
Impacted products
Vendor Product Version
IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:23.898Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6417585"
          },
          {
            "name": "ibm-engineering-cve202120340-xss (194451)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194451"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/S:C/PR:L/AC:L/AV:N/C:L/I:L/UI:R/RC:C/E:H/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-04T19:05:43",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6417585"
        },
        {
          "name": "ibm-engineering-cve202120340-xss (194451)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194451"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-02-26T00:00:00",
          "ID": "CVE-2021-20340",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6417585",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6417585 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6417585"
            },
            {
              "name": "ibm-engineering-cve202120340-xss (194451)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194451"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20340",
    "datePublished": "2021-03-04T19:05:43.218269Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-16T19:35:33.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20351 (GCVE-0-2021-20351)
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-17 00:10
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:23.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6417585"
          },
          {
            "name": "ibm-engineering-cve202120351-xss (194708)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194708"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/C:L/I:L/AV:N/AC:L/PR:L/A:N/S:C/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-04T19:05:44",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6417585"
        },
        {
          "name": "ibm-engineering-cve202120351-xss (194708)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194708"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-02-26T00:00:00",
          "ID": "CVE-2021-20351",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6417585",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6417585 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6417585"
            },
            {
              "name": "ibm-engineering-cve202120351-xss (194708)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194708"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20351",
    "datePublished": "2021-03-04T19:05:44.675900Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-17T00:10:34.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4747 (GCVE-0-2019-4747)
Vulnerability from cvelistv5
Published
2020-07-16 15:05
Modified
2024-09-17 01:36
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:49.105Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6249135"
          },
          {
            "name": "ibm-rtc-cve20194747-xss (172887)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172887"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2020-07-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/UI:R/PR:L/C:L/A:N/S:C/AC:L/I:L/RC:C/RL:O/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T15:05:34",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6249135"
        },
        {
          "name": "ibm-rtc-cve20194747-xss (172887)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172887"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-07-15T00:00:00",
          "ID": "CVE-2019-4747",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6249135",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6249135 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6249135"
            },
            {
              "name": "ibm-rtc-cve20194747-xss (172887)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172887"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4747",
    "datePublished": "2020-07-16T15:05:34.428791Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T01:36:43.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4866 (GCVE-0-2020-4866)
Vulnerability from cvelistv5
Published
2021-03-04 19:05
Modified
2024-09-17 02:52
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:58.518Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6417585"
          },
          {
            "name": "ibm-engineering-cve20204866-xss (190742)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190742"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:L/A:N/S:C/PR:L/C:L/I:L/UI:R/AV:N/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-04T19:05:41",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6417585"
        },
        {
          "name": "ibm-engineering-cve20204866-xss (190742)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190742"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-02-26T00:00:00",
          "ID": "CVE-2020-4866",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6417585",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6417585 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6417585"
            },
            {
              "name": "ibm-engineering-cve20204866-xss (190742)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190742"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4866",
    "datePublished": "2021-03-04T19:05:41.813875Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T02:52:06.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4525 (GCVE-0-2020-4525)
Vulnerability from cvelistv5
Published
2020-08-04 16:00
Modified
2024-09-17 02:51
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435.
References
Impacted products
Vendor Product Version
IBM Rational Rhapsody Design Manager Version: 6.0.2
Version: 7.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:48.931Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6255694"
          },
          {
            "name": "ibm-ewm-cve20204525-xss (182435)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182435"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2020-08-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/I:L/A:N/S:C/PR:L/C:L/AC:L/AV:N/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-04T16:00:26",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6255694"
        },
        {
          "name": "ibm-ewm-cve20204525-xss (182435)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182435"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-08-03T00:00:00",
          "ID": "CVE-2020-4525",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6255694",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6255694 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6255694"
            },
            {
              "name": "ibm-ewm-cve20204525-xss (182435)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182435"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4525",
    "datePublished": "2020-08-04T16:00:26.440002Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T02:51:30.204Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-5031 (GCVE-0-2020-5031)
Vulnerability from cvelistv5
Published
2021-07-19 16:00
Modified
2024-09-16 18:43
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:08.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6473141"
          },
          {
            "name": "ibm-engineering-cve20205031-xss (193738)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193738"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-07-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/S:C/A:N/C:L/AC:L/UI:R/PR:L/I:L/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-19T16:00:23",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6473141"
        },
        {
          "name": "ibm-engineering-cve20205031-xss (193738)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193738"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-07-16T00:00:00",
          "ID": "CVE-2020-5031",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6473141",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6473141 (Rational Collaborative Lifecycle Management)",
              "url": "https://www.ibm.com/support/pages/node/6473141"
            },
            {
              "name": "ibm-engineering-cve20205031-xss (193738)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193738"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-5031",
    "datePublished": "2021-07-19T16:00:23.796624Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T18:43:31.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29701 (GCVE-0-2021-29701)
Vulnerability from cvelistv5
Published
2022-01-11 16:25
Modified
2024-09-17 04:15
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:18:02.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6539546"
          },
          {
            "name": "ibm-engineering-cve202129701-info-disc (200657)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200657"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2022-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/S:U/AV:N/A:N/PR:L/I:N/UI:N/AC:L/C:L/RL:O/E:U/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-11T16:25:16",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6539546"
        },
        {
          "name": "ibm-engineering-cve202129701-info-disc (200657)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200657"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2022-01-10T00:00:00",
          "ID": "CVE-2021-29701",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6539546",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6539546 (Engineering Workflow Management)",
              "url": "https://www.ibm.com/support/pages/node/6539546"
            },
            {
              "name": "ibm-engineering-cve202129701-info-disc (200657)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200657"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-29701",
    "datePublished": "2022-01-11T16:25:16.923850Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-09-17T04:15:14.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4544 (GCVE-0-2020-4544)
Vulnerability from cvelistv5
Published
2021-01-08 20:40
Modified
2024-09-17 00:41
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Rhapsody Model Manager Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 6.0.2
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:49.001Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6398742"
          },
          {
            "name": "ibm-jazz-cve20204544-info-disc (183189)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        }
      ],
      "datePublic": "2021-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/S:U/PR:L/AV:N/I:N/AC:L/UI:N/C:L/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-08T20:40:23",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6398742"
        },
        {
          "name": "ibm-jazz-cve20204544-info-disc (183189)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-07T00:00:00",
          "ID": "CVE-2020-4544",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6398742",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6398742"
            },
            {
              "name": "ibm-jazz-cve20204544-info-disc (183189)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4544",
    "datePublished": "2021-01-08T20:40:23.147853Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T00:41:58.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4522 (GCVE-0-2020-4522)
Vulnerability from cvelistv5
Published
2020-09-02 18:25
Modified
2024-09-16 21:02
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397.
References
Impacted products
Vendor Product Version
IBM Rational Rhapsody Design Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:48.822Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6325343"
          },
          {
            "name": "ibm-doors-cve20204522-xss (182397)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182397"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2020-09-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/PR:L/A:N/AC:L/I:L/C:L/AV:N/S:C/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-02T18:25:24",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6325343"
        },
        {
          "name": "ibm-doors-cve20204522-xss (182397)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182397"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-09-01T00:00:00",
          "ID": "CVE-2020-4522",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6325343",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6325343 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6325343"
            },
            {
              "name": "ibm-doors-cve20204522-xss (182397)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182397"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4522",
    "datePublished": "2020-09-02T18:25:24.836456Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T21:02:30.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20502 (GCVE-0-2021-20502)
Vulnerability from cvelistv5
Published
2021-03-30 16:45
Modified
2024-09-17 04:13
Severity ?
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.
References
Impacted products
Vendor Product Version
IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6437579"
          },
          {
            "name": "ibm-engineering-cve202120502-xxe (198059)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198059"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/I:N/C:H/UI:N/AV:N/AC:L/A:L/S:U/PR:L/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-30T16:45:30",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6437579"
        },
        {
          "name": "ibm-engineering-cve202120502-xxe (198059)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198059"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-03-29T00:00:00",
          "ID": "CVE-2021-20502",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6437579",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6437579 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6437579"
            },
            {
              "name": "ibm-engineering-cve202120502-xxe (198059)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198059"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20502",
    "datePublished": "2021-03-30T16:45:30.720803Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-17T04:13:44.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4691 (GCVE-0-2020-4691)
Vulnerability from cvelistv5
Published
2021-01-08 20:40
Modified
2024-09-17 01:26
Severity ?
4.6 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698.
References
Impacted products
Vendor Product Version
IBM Rational Rhapsody Design Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Rhapsody Model Manager Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 6.0.2
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:57.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6398742"
          },
          {
            "name": "ibm-jazz-cve20204691-xss (186698)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/I:L/C:L/AC:L/UI:R/A:N/S:U/PR:L/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-08T20:40:23",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6398742"
        },
        {
          "name": "ibm-jazz-cve20204691-xss (186698)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-07T00:00:00",
          "ID": "CVE-2020-4691",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "U",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6398742",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6398742"
            },
            {
              "name": "ibm-jazz-cve20204691-xss (186698)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4691",
    "datePublished": "2021-01-08T20:40:23.887295Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T01:26:13.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4524 (GCVE-0-2020-4524)
Vulnerability from cvelistv5
Published
2021-01-27 16:15
Modified
2024-09-16 19:09
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:49.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6408694"
          },
          {
            "name": "ibm-jazz-cve20204524-xss (182434)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/PR:L/C:L/AV:N/AC:L/A:N/UI:R/S:C/I:L/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-27T16:15:25",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6408694"
        },
        {
          "name": "ibm-jazz-cve20204524-xss (182434)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-26T00:00:00",
          "ID": "CVE-2020-4524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6408694",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-jazz-cve20204524-xss (182434)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4524",
    "datePublished": "2021-01-27T16:15:25.871778Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T19:09:56.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4445 (GCVE-0-2020-4445)
Vulnerability from cvelistv5
Published
2020-09-02 18:25
Modified
2024-09-17 03:23
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122.
References
Impacted products
Vendor Product Version
IBM Rational Rhapsody Design Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:48.667Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6325343"
          },
          {
            "name": "ibm-jazz-cve20204445-xss (181122)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181122"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2020-09-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/S:C/C:L/PR:L/UI:R/A:N/I:L/AC:L/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-02T18:25:24",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6325343"
        },
        {
          "name": "ibm-jazz-cve20204445-xss (181122)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181122"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-09-01T00:00:00",
          "ID": "CVE-2020-4445",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6325343",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6325343 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6325343"
            },
            {
              "name": "ibm-jazz-cve20204445-xss (181122)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181122"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4445",
    "datePublished": "2020-09-02T18:25:24.362761Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T03:23:17.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20507 (GCVE-0-2021-20507)
Vulnerability from cvelistv5
Published
2021-07-19 16:00
Modified
2024-09-17 03:12
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6473141"
          },
          {
            "name": "ibm-jazz-cve202120507-xss (198235)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-07-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/C:L/AC:L/S:C/AV:N/I:L/PR:L/UI:R/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-19T16:00:25",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6473141"
        },
        {
          "name": "ibm-jazz-cve202120507-xss (198235)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-07-16T00:00:00",
          "ID": "CVE-2021-20507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6473141",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6473141 (Rational Collaborative Lifecycle Management)",
              "url": "https://www.ibm.com/support/pages/node/6473141"
            },
            {
              "name": "ibm-jazz-cve202120507-xss (198235)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20507",
    "datePublished": "2021-07-19T16:00:25.382956Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-17T03:12:37.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29844 (GCVE-0-2021-29844)
Vulnerability from cvelistv5
Published
2021-10-27 16:00
Modified
2024-09-16 17:59
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Gain Access
Summary
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:18:03.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6508583"
          },
          {
            "name": "ibm-engineering-cve202129844-ssrf (205205)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/I:L/C:L/S:U/PR:L/AV:N/A:N/UI:N/AC:L/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T16:00:31",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6508583"
        },
        {
          "name": "ibm-engineering-cve202129844-ssrf (205205)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-10-25T00:00:00",
          "ID": "CVE-2021-29844",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6508583",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6508583"
            },
            {
              "name": "ibm-engineering-cve202129844-ssrf (205205)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-29844",
    "datePublished": "2021-10-27T16:00:31.302142Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-09-16T17:59:19.776Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4547 (GCVE-0-2020-4547)
Vulnerability from cvelistv5
Published
2021-01-27 16:15
Modified
2024-09-17 03:18
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Gain Access
Summary
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:48.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6408694"
          },
          {
            "name": "ibm-jazz-cve20204547-clickjacking (183315)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2021-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/S:C/A:N/UI:R/AC:L/I:L/C:L/PR:L/AV:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-27T16:15:26",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6408694"
        },
        {
          "name": "ibm-jazz-cve20204547-clickjacking (183315)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-26T00:00:00",
          "ID": "CVE-2020-4547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6408694",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-jazz-cve20204547-clickjacking (183315)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4547",
    "datePublished": "2021-01-27T16:15:26.519672Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T03:18:48.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20520 (GCVE-0-2021-20520)
Vulnerability from cvelistv5
Published
2021-03-30 16:45
Modified
2024-09-16 18:48
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6437579"
          },
          {
            "name": "ibm-engineering-cve202120520-xss (198572)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198572"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:L/A:N/S:C/PR:L/I:L/C:L/UI:R/AV:N/E:H/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-30T16:45:34",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6437579"
        },
        {
          "name": "ibm-engineering-cve202120520-xss (198572)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198572"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-03-29T00:00:00",
          "ID": "CVE-2021-20520",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6437579",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6437579 (Rational Team Concert)",
              "url": "https://www.ibm.com/support/pages/node/6437579"
            },
            {
              "name": "ibm-engineering-cve202120520-xss (198572)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198572"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20520",
    "datePublished": "2021-03-30T16:45:34.161318Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-16T18:48:45.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29774 (GCVE-0-2021-29774)
Vulnerability from cvelistv5
Published
2021-10-27 16:00
Modified
2024-09-17 02:10
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CWE
  • Gain Privileges
Summary
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:18:02.992Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6508583"
          },
          {
            "name": "ibm-engineering-cve202129774-priv-escalation (203025)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203025"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2021-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/PR:L/AV:N/S:U/C:H/I:H/UI:N/AC:H/A:H/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T16:00:27",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6508583"
        },
        {
          "name": "ibm-engineering-cve202129774-priv-escalation (203025)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203025"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-10-25T00:00:00",
          "ID": "CVE-2021-29774",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "H",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6508583",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6508583"
            },
            {
              "name": "ibm-engineering-cve202129774-priv-escalation (203025)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203025"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-29774",
    "datePublished": "2021-10-27T16:00:28.033842Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-09-17T02:10:50.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2021-03-30 17:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/198233VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/198233VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_insights 7.0
ibm engineering_insights 7.0.1
ibm engineering_insights 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_requirements_quality_assistant_on-premises -
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm rational_team_concert 6.0.6.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBDD077-488A-45C6-AD72-3D79361509E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231."
    },
    {
      "lang": "es",
      "value": "Los Productos de IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista conllevando a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 198231."
    }
  ],
  "id": "CVE-2021-20506",
  "lastModified": "2024-11-21T05:46:41.497",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-30T17:15:16.790",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198233"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-16 15:15
Modified
2024-11-21 04:44
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/173174VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6249133Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/173174VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6249133Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm doors_next 7.0
ibm engineering_lifecycle_manager 7.0
ibm engineering_test_management 7.0
ibm engineering_workflow_management 7.0
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm reference_data_management 7.0
ibm rhapsody_design_manager 6.0.2
ibm rhapsody_design_manager 6.0.6
ibm rhapsody_design_manager 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "326E20D6-6F12-45F8-B005-3F6575E75EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1295F19A-0532-46D8-868E-83ABE5BF08E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:reference_data_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C081789-7184-4010-8D6C-0791658108B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F487060D-11AE-4048-B26F-F35320646340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7ED890-DF29-4351-9569-C85482D079AE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Team Server basadas en Applications es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.  IBM X-Force ID: 173174"
    }
  ],
  "id": "CVE-2019-4748",
  "lastModified": "2024-11-21T04:44:05.910",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-16T15:15:27.750",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6249133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6249133"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-12 18:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/198441VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6441803Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/198441VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6441803Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm doors_next 7.0.0
ibm doors_next 7.0.1
ibm doors_next 7.0.2
ibm engineering_insights 7.0.0
ibm engineering_insights 7.0.1
ibm engineering_insights 7.0.2
ibm engineering_lifecycle_management 7.0.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_lifecycle_management 7.0.2
ibm engineering_requirements_management_doors_next 6.0.2
ibm engineering_requirements_management_doors_next 6.0.6
ibm engineering_requirements_management_doors_next 6.0.6.1
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm removable_media_management 6.0.2
ibm removable_media_management 6.0.6
ibm removable_media_management 6.0.6.1
ibm removable_media_management 7.0.0
ibm removable_media_management 7.0.1
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B81856F-2D20-4FD0-9CE3-1943226662C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "578775A7-94F0-4715-B239-5712B3726A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D98161E-9EC9-4736-AEB3-347AC30B8723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F94BA36-ECDF-4997-8AE3-D014C3F257EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7A8206-BB16-4559-A672-54C80FE1F32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC36ADE-3058-4210-8C8D-5B4E458FAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3093272-25CB-4478-9729-CD2E4710361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B7AE33-7246-43AA-8AD1-F73DF9BB02CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83D1A24-D51A-4608-BF3F-37D3DD2E748E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "774AD9F6-BB46-4781-BF0A-A74E0D17311D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5745900D-3EEC-4B33-8E1C-C6345BA5833A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E27D1E-B177-4964-939A-91313648E595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a  usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 198441"
    }
  ],
  "id": "CVE-2021-20519",
  "lastModified": "2024-11-21T05:46:42.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-12T18:15:13.093",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198441"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6441803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6441803"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-08 21:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/186790VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6398742Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/186790VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6398742Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm doors_next 7.0
ibm doors_next 7.0.1
ibm engineering_insights 7.0
ibm engineering_insights 7.0.1
ibm engineering_lifecycle_management 7.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.6
ibm rational_rhapsody_design_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm reference_data_management 7.0
ibm reference_data_management 7.0.1
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1
ibm rhapsody_model_manager 7.0
ibm rhapsody_model_manager 7.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "61692657-A7BD-4A51-A435-E0497EEA9C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A2E713-1053-4697-A50E-567952929367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:reference_data_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C081789-7184-4010-8D6C-0791658108B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:reference_data_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FB0140E-68A4-4FA7-B32C-3F41FCCDED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E734FCD2-89E0-4F7E-80E2-A705B127E326",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 186790"
    }
  ],
  "id": "CVE-2020-4697",
  "lastModified": "2024-11-21T05:33:08.483",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-08T21:15:12.373",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398742"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-27 16:15
Modified
2024-11-21 06:01
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/203025VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/203025VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization 7.0.1
ibm engineering_lifecycle_optimization 7.0.2
ibm engineering_workflow_management 6.0.6
ibm engineering_workflow_management 6.0.6.1
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_doors_next_generation 7.0
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_engineering_lifecycle_manager 7.0.1
ibm rational_engineering_lifecycle_manager 7.0.2
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm rational_team_concert 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04D01A5-D5B6-481F-89A6-E2D59AB50C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA5B410-20C9-4B68-87C1-C0ECA72041E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA73A7F-6455-40C1-BF2E-EA4832D788AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3346A2-D576-48D5-A79A-773F127DB75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A1FE3-0E4A-4D97-9C3D-923507A732A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A347BB4B-5E33-4F4E-9BDB-476DC2F79268",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Team Server podr\u00edan permitir a un usuario autenticado alcanzar privilegios elevados bajo determinadas configuraciones. IBM X-Force ID: 203025"
    }
  ],
  "id": "CVE-2021-29774",
  "lastModified": "2024-11-21T06:01:47.003",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-27T16:15:07.520",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203025"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-04 19:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/190460VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/190460VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm doors_next 7.0.1
ibm doors_next 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_lifecycle_management 7.0.2
ibm engineering_requirements_quality_assistant_on-premises *
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm global_configuration_management *
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "578775A7-94F0-4715-B239-5712B3726A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Engineering son vulnerables a un ataque de tipo cross-site scripting almacenados.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 190460"
    }
  ],
  "id": "CVE-2020-4857",
  "lastModified": "2024-11-21T05:33:19.917",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-04T19:15:13.187",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190460"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-08 21:15
Modified
2024-11-21 05:32
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/181862VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6398742Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/181862VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6398742Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm doors_next 7.0
ibm doors_next 7.0.1
ibm engineering_insights 7.0
ibm engineering_insights 7.0.1
ibm engineering_lifecycle_management 7.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.6
ibm rational_rhapsody_design_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm reference_data_management 7.0
ibm reference_data_management 7.0.1
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1
ibm rhapsody_model_manager 7.0
ibm rhapsody_model_manager 7.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "61692657-A7BD-4A51-A435-E0497EEA9C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A2E713-1053-4697-A50E-567952929367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:reference_data_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C081789-7184-4010-8D6C-0791658108B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:reference_data_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FB0140E-68A4-4FA7-B32C-3F41FCCDED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E734FCD2-89E0-4F7E-80E2-A705B127E326",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation podr\u00edan permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador.\u0026#xa0;Esta informaci\u00f3n podr\u00eda ser usada en futuros ataques contra el sistema.\u0026#xa0;IBM X-Force ID: 181862"
    }
  ],
  "id": "CVE-2020-4487",
  "lastModified": "2024-11-21T05:32:48.010",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-08T21:15:12.187",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398742"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-209"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-27 16:15
Modified
2024-11-21 06:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/203172VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/203172VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization 7.0
ibm engineering_lifecycle_optimization 7.0.1
ibm engineering_lifecycle_optimization 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_doors_next_generation 7.0
ibm rational_doors_next_generation 7.0.1
ibm rational_doors_next_generation 7.0.2
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF5602-8FB3-445E-AD29-D340CF0B5C33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04D01A5-D5B6-481F-89A6-E2D59AB50C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Team Server almacenan las credenciales de usuario en texto sin cifrar que puede leer un usuario autenticado. IBM X-Force ID: 203172"
    }
  ],
  "id": "CVE-2021-29786",
  "lastModified": "2024-11-21T06:01:48.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-27T16:15:07.567",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203172"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-19 16:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/198235VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6473141Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/198235VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6473141Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization 7.0
ibm engineering_lifecycle_optimization 7.0.1
ibm engineering_lifecycle_optimization 7.0.2
ibm engineering_requirements_quality_assistant_on-premises -
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 7.0
ibm rational_doors_next_generation 7.0.1
ibm rational_doors_next_generation 7.0.2
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_engineering_lifecycle_manager 7.0.1
ibm rational_engineering_lifecycle_manager 7.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF5602-8FB3-445E-AD29-D340CF0B5C33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04D01A5-D5B6-481F-89A6-E2D59AB50C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3346A2-D576-48D5-A79A-773F127DB75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A1FE3-0E4A-4D97-9C3D-923507A732A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 198235"
    }
  ],
  "id": "CVE-2021-20507",
  "lastModified": "2024-11-21T05:46:41.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-19T16:15:08.650",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6473141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6473141"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-04 19:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/190459VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/190459VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm doors_next 7.0.1
ibm doors_next 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_lifecycle_management 7.0.2
ibm engineering_requirements_quality_assistant_on-premises *
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm global_configuration_management *
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "578775A7-94F0-4715-B239-5712B3726A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Engineering son vulnerables a un ataque de tipo cross-site scripting almacenados.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 190459"
    }
  ],
  "id": "CVE-2020-4856",
  "lastModified": "2024-11-21T05:33:19.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-04T19:15:13.033",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190459"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-12 18:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/191396VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6441803Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/191396VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6441803Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm doors_next 7.0.0
ibm doors_next 7.0.1
ibm doors_next 7.0.2
ibm engineering_insights 7.0.0
ibm engineering_insights 7.0.1
ibm engineering_insights 7.0.2
ibm engineering_lifecycle_management 7.0.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_lifecycle_management 7.0.2
ibm engineering_requirements_management_doors_next 6.0.2
ibm engineering_requirements_management_doors_next 6.0.6
ibm engineering_requirements_management_doors_next 6.0.6.1
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm removable_media_management 6.0.2
ibm removable_media_management 6.0.6
ibm removable_media_management 6.0.6.1
ibm removable_media_management 7.0.0
ibm removable_media_management 7.0.1
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B81856F-2D20-4FD0-9CE3-1943226662C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "578775A7-94F0-4715-B239-5712B3726A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D98161E-9EC9-4736-AEB3-347AC30B8723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F94BA36-ECDF-4997-8AE3-D014C3F257EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7A8206-BB16-4559-A672-54C80FE1F32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC36ADE-3058-4210-8C8D-5B4E458FAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3093272-25CB-4478-9729-CD2E4710361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B7AE33-7246-43AA-8AD1-F73DF9BB02CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83D1A24-D51A-4608-BF3F-37D3DD2E748E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "774AD9F6-BB46-4781-BF0A-A74E0D17311D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5745900D-3EEC-4B33-8E1C-C6345BA5833A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E27D1E-B177-4964-939A-91313648E595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 191396"
    }
  ],
  "id": "CVE-2020-4920",
  "lastModified": "2024-11-21T05:33:25.763",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-12T18:15:12.657",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191396"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6441803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6441803"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-08 21:15
Modified
2024-11-21 05:32
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/183189VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6398742Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/183189VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6398742Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm doors_next 7.0
ibm doors_next 7.0.1
ibm engineering_insights 7.0
ibm engineering_insights 7.0.1
ibm engineering_lifecycle_management 7.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.6
ibm rational_rhapsody_design_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm reference_data_management 7.0
ibm reference_data_management 7.0.1
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1
ibm rhapsody_model_manager 7.0
ibm rhapsody_model_manager 7.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "61692657-A7BD-4A51-A435-E0497EEA9C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A2E713-1053-4697-A50E-567952929367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:reference_data_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C081789-7184-4010-8D6C-0791658108B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:reference_data_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FB0140E-68A4-4FA7-B32C-3F41FCCDED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E734FCD2-89E0-4F7E-80E2-A705B127E326",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation podr\u00edan permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador.\u0026#xa0;Esta informaci\u00f3n podr\u00eda ser usada en futuros ataques contra el sistema.\u0026#xa0;IBM X-Force ID: 183189"
    }
  ],
  "id": "CVE-2020-4544",
  "lastModified": "2024-11-21T05:32:52.477",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-08T21:15:12.250",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398742"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-209"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-12 18:15
Modified
2024-11-21 05:33
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/192419VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6441803Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/192419VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6441803Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm doors_next 7.0.0
ibm doors_next 7.0.1
ibm doors_next 7.0.2
ibm engineering_insights 7.0.0
ibm engineering_insights 7.0.1
ibm engineering_insights 7.0.2
ibm engineering_lifecycle_management 7.0.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_lifecycle_management 7.0.2
ibm engineering_requirements_management_doors_next 6.0.2
ibm engineering_requirements_management_doors_next 6.0.6
ibm engineering_requirements_management_doors_next 6.0.6.1
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm removable_media_management 6.0.2
ibm removable_media_management 6.0.6
ibm removable_media_management 6.0.6.1
ibm removable_media_management 7.0.0
ibm removable_media_management 7.0.1
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B81856F-2D20-4FD0-9CE3-1943226662C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "578775A7-94F0-4715-B239-5712B3726A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D98161E-9EC9-4736-AEB3-347AC30B8723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F94BA36-ECDF-4997-8AE3-D014C3F257EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7A8206-BB16-4559-A672-54C80FE1F32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC36ADE-3058-4210-8C8D-5B4E458FAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3093272-25CB-4478-9729-CD2E4710361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B7AE33-7246-43AA-8AD1-F73DF9BB02CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83D1A24-D51A-4608-BF3F-37D3DD2E748E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "774AD9F6-BB46-4781-BF0A-A74E0D17311D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5745900D-3EEC-4B33-8E1C-C6345BA5833A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E27D1E-B177-4964-939A-91313648E595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Team Server contienen una vulnerabilidad no revelada que podr\u00eda permitir a un usuario autenticado presentar un mensaje personalizado en la aplicaci\u00f3n que podr\u00eda ser usado para hacer un ataque de phishing a otros usuarios. IBM X-Force ID: 192419"
    }
  ],
  "id": "CVE-2020-4964",
  "lastModified": "2024-11-21T05:33:28.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-12T18:15:12.920",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192419"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6441803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6441803"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-02 19:15
Modified
2024-11-21 05:32
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/183314VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6325343Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/183314VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6325343Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm engineering_requirements_management_doors_next 7.0.1
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm eni 7.0
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0363B97-BA15-49D0-A28B-2EE000AD5B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:eni:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C3EC655-99F2-4DA2-A5D9-3F858562F63A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314."
    },
    {
      "lang": "es",
      "value": "Las Aplicaciones basadas en IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 183314"
    }
  ],
  "id": "CVE-2020-4546",
  "lastModified": "2024-11-21T05:32:52.733",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-02T19:15:18.390",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183314"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6325343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6325343"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-04 19:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/190566VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/190566VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm doors_next 7.0.1
ibm doors_next 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_lifecycle_management 7.0.2
ibm engineering_requirements_quality_assistant_on-premises *
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm global_configuration_management *
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "578775A7-94F0-4715-B239-5712B3726A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Engineering son vulnerables a un ataque de tipo cross-site scripting almacenados.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 190566"
    }
  ],
  "id": "CVE-2020-4863",
  "lastModified": "2024-11-21T05:33:20.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-04T19:15:13.250",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190566"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190566"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-04 19:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/192435VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/192435VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm doors_next 7.0.1
ibm doors_next 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_lifecycle_management 7.0.2
ibm engineering_requirements_quality_assistant_on-premises *
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm global_configuration_management *
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "578775A7-94F0-4715-B239-5712B3726A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Engineering son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;N\u00famero de identificaci\u00f3n de IBM X-Force: 192435"
    }
  ],
  "id": "CVE-2020-4975",
  "lastModified": "2024-11-21T05:33:29.817",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-04T19:15:13.423",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192435"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-27 17:15
Modified
2024-11-21 05:32
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/183315VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6408694Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/183315VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6408694Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm engineering_insights 7.0
ibm engineering_lifecycle_management 7.0
ibm engineering_requirements_management_doors_next 6.0.2
ibm engineering_requirements_management_doors_next 6.0.6
ibm engineering_requirements_management_doors_next 6.0.6.1
ibm engineering_requirements_management_doors_next 7.0
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 6.0.2
ibm engineering_workflow_management 6.0.6
ibm engineering_workflow_management 6.0.6.1
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.2
ibm global_configuration_management *
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rhapsody_design_manager 6.0.2
ibm rhapsody_design_manager 6.0.6
ibm rhapsody_design_manager 6.0.6.1
ibm rhapsody_design_manager 7.0
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1
ibm rhapsody_model_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7A8206-BB16-4559-A672-54C80FE1F32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC36ADE-3058-4210-8C8D-5B4E458FAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3093272-25CB-4478-9729-CD2E4710361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FE328F-EAED-41C4-B0E1-B1B824CE4D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3C3F43-9613-42DC-B20F-C136C70A98D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA5B410-20C9-4B68-87C1-C0ECA72041E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA73A7F-6455-40C1-BF2E-EA4832D788AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F487060D-11AE-4048-B26F-F35320646340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7ED890-DF29-4351-9569-C85482D079AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E773AC51-4CE1-4040-B568-EF17B025C4AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation, podr\u00edan permitir a un atacante remoto secuestrar la acci\u00f3n de clic de la v\u00edctima.\u0026#xa0;Al persuadir a una v\u00edctima para visitar un sitio web malicioso, un atacante remoto podr\u00eda explotar esta vulnerabilidad para secuestrar las acciones de clic de la v\u00edctima y posiblemente iniciar nuevos ataques contra la v\u00edctima.\u0026#xa0;IBM X-Force ID: 183315"
    }
  ],
  "id": "CVE-2020-4547",
  "lastModified": "2024-11-21T05:32:52.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-27T17:15:11.323",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1021"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-28 13:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/192957VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6475919Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/192957VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6475919Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization_-_engineering_insights 7.0
ibm engineering_lifecycle_optimization_-_engineering_insights 7.0.1
ibm engineering_lifecycle_optimization_-_engineering_insights 7.0.2
ibm engineering_requirements_quality_assistant_on-premises *
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_doors_next_generation 7.0
ibm rational_doors_next_generation 7.0.1
ibm rational_doors_next_generation 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation son vulnerables al cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario de la web, alterando as\u00ed la funcionalidad prevista y llevando potencialmente a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. ID de IBM X-Force: 192957"
    }
  ],
  "id": "CVE-2020-5004",
  "lastModified": "2024-11-21T05:33:32.477",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-28T13:15:08.150",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6475919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6475919"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-27 17:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/190741VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6408694Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/190741VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6408694Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm engineering_insights 7.0
ibm engineering_lifecycle_management 7.0
ibm engineering_requirements_management_doors_next 6.0.2
ibm engineering_requirements_management_doors_next 6.0.6
ibm engineering_requirements_management_doors_next 6.0.6.1
ibm engineering_requirements_management_doors_next 7.0
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 6.0.2
ibm engineering_workflow_management 6.0.6
ibm engineering_workflow_management 6.0.6.1
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.2
ibm global_configuration_management *
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rhapsody_design_manager 6.0.2
ibm rhapsody_design_manager 6.0.6
ibm rhapsody_design_manager 6.0.6.1
ibm rhapsody_design_manager 7.0
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1
ibm rhapsody_model_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7A8206-BB16-4559-A672-54C80FE1F32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC36ADE-3058-4210-8C8D-5B4E458FAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3093272-25CB-4478-9729-CD2E4710361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FE328F-EAED-41C4-B0E1-B1B824CE4D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3C3F43-9613-42DC-B20F-C136C70A98D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA5B410-20C9-4B68-87C1-C0ECA72041E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA73A7F-6455-40C1-BF2E-EA4832D788AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F487060D-11AE-4048-B26F-F35320646340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7ED890-DF29-4351-9569-C85482D079AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E773AC51-4CE1-4040-B568-EF17B025C4AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation, son vulnerables a ataques de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 190741"
    }
  ],
  "id": "CVE-2020-4865",
  "lastModified": "2024-11-21T05:33:20.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-27T17:15:13.027",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-08 21:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/186698VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6398742Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/186698VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6398742Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm doors_next 7.0
ibm doors_next 7.0.1
ibm engineering_insights 7.0
ibm engineering_insights 7.0.1
ibm engineering_lifecycle_management 7.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.6
ibm rational_rhapsody_design_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm reference_data_management 7.0
ibm reference_data_management 7.0.1
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1
ibm rhapsody_model_manager 7.0
ibm rhapsody_model_manager 7.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "61692657-A7BD-4A51-A435-E0497EEA9C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A2E713-1053-4697-A50E-567952929367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:reference_data_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C081789-7184-4010-8D6C-0791658108B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:reference_data_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FB0140E-68A4-4FA7-B32C-3F41FCCDED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E734FCD2-89E0-4F7E-80E2-A705B127E326",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 186698"
    }
  ],
  "id": "CVE-2020-4691",
  "lastModified": "2024-11-21T05:33:07.923",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 2.5,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-08T21:15:12.297",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398742"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-27 16:15
Modified
2024-11-21 06:01
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/199482VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/199482VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization 7.0.1
ibm engineering_lifecycle_optimization 7.0.2
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_doors_next_generation 7.0
ibm rational_doors_next_generation 7.0.1
ibm rational_doors_next_generation 7.0.2
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 7.0
ibm rational_team_concert 7.0.1
ibm rational_team_concert 7.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04D01A5-D5B6-481F-89A6-E2D59AB50C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A347BB4B-5E33-4F4E-9BDB-476DC2F79268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6259548-A565-4693-8F8E-DB7EEAFE107B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "242C5CDC-9B7F-41E6-B8FC-9D6CBC11D725",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 199482"
    }
  ],
  "id": "CVE-2021-29673",
  "lastModified": "2024-11-21T06:01:37.417",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-27T16:15:07.420",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199482"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-30 17:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/198231VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/198231VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_insights 7.0
ibm engineering_insights 7.0.1
ibm engineering_insights 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_requirements_quality_assistant_on-premises -
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm rational_team_concert 6.0.6.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBDD077-488A-45C6-AD72-3D79361509E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231."
    },
    {
      "lang": "es",
      "value": "Los Productos de IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista conllevando a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 198231."
    }
  ],
  "id": "CVE-2021-20504",
  "lastModified": "2024-11-21T05:46:41.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-30T17:15:16.727",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198231"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-27 16:15
Modified
2024-11-21 06:01
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/205205VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/205205VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization 6.0.6
ibm engineering_lifecycle_optimization 6.0.6.1
ibm engineering_lifecycle_optimization 7.0
ibm engineering_requirements_quality_assistant_on-premises -
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_doors_next_generation 7.0
ibm rational_doors_next_generation 7.0.1
ibm rational_doors_next_generation 7.0.2
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_engineering_lifecycle_manager 7.0.1
ibm rational_engineering_lifecycle_manager 7.0.2
ibm rational_rhapsody_design_manager -
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA081AC9-023F-492E-B2F4-FB30029D05B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC78DE1B-6068-4BDF-AFED-93552149B912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF5602-8FB3-445E-AD29-D340CF0B5C33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3346A2-D576-48D5-A79A-773F127DB75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A1FE3-0E4A-4D97-9C3D-923507A732A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE56C15-D89F-41A0-BFC6-9130B381E66E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeraci\u00f3n de la red o facilitar otros ataques"
    }
  ],
  "id": "CVE-2021-29844",
  "lastModified": "2024-11-21T06:01:54.433",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-27T16:15:07.613",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-27 17:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/194963VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6408694Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/194963VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6408694Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm engineering_insights 7.0
ibm engineering_lifecycle_management 7.0
ibm engineering_requirements_management_doors_next 6.0.2
ibm engineering_requirements_management_doors_next 6.0.6
ibm engineering_requirements_management_doors_next 6.0.6.1
ibm engineering_requirements_management_doors_next 7.0
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 6.0.2
ibm engineering_workflow_management 6.0.6
ibm engineering_workflow_management 6.0.6.1
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.2
ibm global_configuration_management *
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rhapsody_design_manager 6.0.2
ibm rhapsody_design_manager 6.0.6
ibm rhapsody_design_manager 6.0.6.1
ibm rhapsody_design_manager 7.0
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1
ibm rhapsody_model_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7A8206-BB16-4559-A672-54C80FE1F32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC36ADE-3058-4210-8C8D-5B4E458FAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3093272-25CB-4478-9729-CD2E4710361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FE328F-EAED-41C4-B0E1-B1B824CE4D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3C3F43-9613-42DC-B20F-C136C70A98D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA5B410-20C9-4B68-87C1-C0ECA72041E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA73A7F-6455-40C1-BF2E-EA4832D788AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F487060D-11AE-4048-B26F-F35320646340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7ED890-DF29-4351-9569-C85482D079AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E773AC51-4CE1-4040-B568-EF17B025C4AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation, son vulnerables a ataques de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 194963"
    }
  ],
  "id": "CVE-2021-20357",
  "lastModified": "2024-11-21T05:46:27.427",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-27T17:15:14.400",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-04 19:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/194451VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/194451VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm doors_next 7.0.1
ibm doors_next 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_lifecycle_management 7.0.2
ibm engineering_requirements_quality_assistant_on-premises *
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm global_configuration_management *
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "578775A7-94F0-4715-B239-5712B3726A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Engineering son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 194451"
    }
  ],
  "id": "CVE-2021-20340",
  "lastModified": "2024-11-21T05:46:25.653",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-04T19:15:13.500",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194451"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-30 17:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/198572VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/198572VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_insights 7.0
ibm engineering_insights 7.0.1
ibm engineering_insights 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_requirements_quality_assistant_on-premises -
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm rational_team_concert 6.0.6.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBDD077-488A-45C6-AD72-3D79361509E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572."
    },
    {
      "lang": "es",
      "value": "Los Productos de IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista conllevando a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 198572."
    }
  ],
  "id": "CVE-2021-20520",
  "lastModified": "2024-11-21T05:46:42.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-30T17:15:16.917",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198572"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-27 17:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/190457VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6408694Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/190457VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6408694Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm engineering_insights 7.0
ibm engineering_lifecycle_management 7.0
ibm engineering_requirements_management_doors_next 6.0.2
ibm engineering_requirements_management_doors_next 6.0.6
ibm engineering_requirements_management_doors_next 6.0.6.1
ibm engineering_requirements_management_doors_next 7.0
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 6.0.2
ibm engineering_workflow_management 6.0.6
ibm engineering_workflow_management 6.0.6.1
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.2
ibm global_configuration_management *
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rhapsody_design_manager 6.0.2
ibm rhapsody_design_manager 6.0.6
ibm rhapsody_design_manager 6.0.6.1
ibm rhapsody_design_manager 7.0
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1
ibm rhapsody_model_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7A8206-BB16-4559-A672-54C80FE1F32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC36ADE-3058-4210-8C8D-5B4E458FAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3093272-25CB-4478-9729-CD2E4710361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FE328F-EAED-41C4-B0E1-B1B824CE4D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3C3F43-9613-42DC-B20F-C136C70A98D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA5B410-20C9-4B68-87C1-C0ECA72041E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA73A7F-6455-40C1-BF2E-EA4832D788AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F487060D-11AE-4048-B26F-F35320646340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7ED890-DF29-4351-9569-C85482D079AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E773AC51-4CE1-4040-B568-EF17B025C4AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation, son vulnerables a ataques de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 190457"
    }
  ],
  "id": "CVE-2020-4855",
  "lastModified": "2024-11-21T05:33:19.660",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-27T17:15:12.713",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-19 16:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/193738VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6473141Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/193738VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6473141Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization 7.0
ibm engineering_lifecycle_optimization 7.0.1
ibm engineering_lifecycle_optimization 7.0.2
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 7.0
ibm rational_doors_next_generation 7.0.1
ibm rational_doors_next_generation 7.0.2
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_engineering_lifecycle_manager 7.0.1
ibm rational_engineering_lifecycle_manager 7.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF5602-8FB3-445E-AD29-D340CF0B5C33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04D01A5-D5B6-481F-89A6-E2D59AB50C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3346A2-D576-48D5-A79A-773F127DB75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A1FE3-0E4A-4D97-9C3D-923507A732A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 193738"
    }
  ],
  "id": "CVE-2020-5031",
  "lastModified": "2024-11-21T05:33:34.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-19T16:15:08.607",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193738"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6473141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6473141"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-30 17:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/198437VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/198437VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_insights 7.0
ibm engineering_insights 7.0.1
ibm engineering_insights 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_requirements_quality_assistant_on-premises -
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm rational_team_concert 6.0.6.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBDD077-488A-45C6-AD72-3D79361509E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437."
    },
    {
      "lang": "es",
      "value": "Los Productos de IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista conllevando a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 198437."
    }
  ],
  "id": "CVE-2021-20518",
  "lastModified": "2024-11-21T05:46:42.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-30T17:15:16.853",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198437"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-30 17:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/198182VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/198182VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_insights 7.0
ibm engineering_insights 7.0.1
ibm engineering_insights 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_requirements_quality_assistant_on-premises -
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm rational_team_concert 6.0.6.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBDD077-488A-45C6-AD72-3D79361509E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182."
    },
    {
      "lang": "es",
      "value": "Los Productos de IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista conllevando a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;ID de IBM X-Force: 198182."
    }
  ],
  "id": "CVE-2021-20503",
  "lastModified": "2024-11-21T05:46:41.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-30T17:15:16.667",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198182"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-05-28 12:15
Modified
2025-03-10 18:54
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286830.
References
psirt@us.ibm.comhttp://www.openwall.com/lists/oss-security/2024/05/24/2Mailing List, Third Party Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/286830Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/7154955Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/05/24/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/286830Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/7154955Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_workflow_management 7.0.2
ibm engineering_workflow_management 7.0.3
linux linux_kernel -
microsoft windows -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF63ABC-088D-429B-90F1-E2489B666DC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  286830."
    },
    {
      "lang": "es",
      "value": "IBM Engineering Workflow Management 7.0.2 y 7.0.3 es vulnerable a Cross-site scripting almacenado. Bajo ciertas configuraciones, esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 286830."
    }
  ],
  "id": "CVE-2024-28793",
  "lastModified": "2025-03-10T18:54:57.220",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-28T12:15:08.717",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/05/24/2"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286830"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7154955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/05/24/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7154955"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-04 19:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/194708VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/194708VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm doors_next 7.0.1
ibm doors_next 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_lifecycle_management 7.0.2
ibm engineering_requirements_quality_assistant_on-premises *
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm global_configuration_management *
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "578775A7-94F0-4715-B239-5712B3726A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Engineering son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 194708"
    }
  ],
  "id": "CVE-2021-20351",
  "lastModified": "2024-11-21T05:46:26.753",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-04T19:15:13.640",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194708"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-30 17:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/194710VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/194710VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_insights 7.0
ibm engineering_insights 7.0.1
ibm engineering_insights 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_requirements_quality_assistant_on-premises -
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm rational_team_concert 6.0.6.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBDD077-488A-45C6-AD72-3D79361509E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710."
    },
    {
      "lang": "es",
      "value": "Los Productos de IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista conllevando a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 194710."
    }
  ],
  "id": "CVE-2021-20352",
  "lastModified": "2024-11-21T05:46:26.877",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-30T17:15:16.383",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194710"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-01-11 17:15
Modified
2024-11-21 06:01
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/200657VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6539546Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/200657VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6539546Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
linux linux_kernel -
microsoft windows -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657."
    },
    {
      "lang": "es",
      "value": "IBM Engineering Workflow Management versiones 7.0, 7.0.1 y 7.0.2, as\u00ed como IBM Rational Team Concert versiones 6.0.6 y 6.0.6.1, podr\u00edan permitir a un atacante autenticado conseguir informaci\u00f3n confidencial de las definiciones de compilaci\u00f3n que podr\u00eda ayudar a realizar m\u00e1s ataques contra el sistema. X-Force ID: 200657"
    }
  ],
  "id": "CVE-2021-29701",
  "lastModified": "2024-11-21T06:01:39.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-11T17:15:07.567",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200657"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6539546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6539546"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-12 18:15
Modified
2024-11-21 05:33
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/192422VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6441803Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/192422VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6441803Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm doors_next 7.0.0
ibm doors_next 7.0.1
ibm doors_next 7.0.2
ibm engineering_insights 7.0.0
ibm engineering_insights 7.0.1
ibm engineering_insights 7.0.2
ibm engineering_lifecycle_management 7.0.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_lifecycle_management 7.0.2
ibm engineering_requirements_management_doors_next 6.0.2
ibm engineering_requirements_management_doors_next 6.0.6
ibm engineering_requirements_management_doors_next 6.0.6.1
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm removable_media_management 6.0.2
ibm removable_media_management 6.0.6
ibm removable_media_management 6.0.6.1
ibm removable_media_management 7.0.0
ibm removable_media_management 7.0.1
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B81856F-2D20-4FD0-9CE3-1943226662C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "578775A7-94F0-4715-B239-5712B3726A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D98161E-9EC9-4736-AEB3-347AC30B8723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F94BA36-ECDF-4997-8AE3-D014C3F257EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7A8206-BB16-4559-A672-54C80FE1F32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC36ADE-3058-4210-8C8D-5B4E458FAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3093272-25CB-4478-9729-CD2E4710361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B7AE33-7246-43AA-8AD1-F73DF9BB02CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83D1A24-D51A-4608-BF3F-37D3DD2E748E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "774AD9F6-BB46-4781-BF0A-A74E0D17311D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5745900D-3EEC-4B33-8E1C-C6345BA5833A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:removable_media_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E27D1E-B177-4964-939A-91313648E595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Team Server utilizan algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. IBM X-Force ID: 192422"
    }
  ],
  "id": "CVE-2020-4965",
  "lastModified": "2024-11-21T05:33:29.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-12T18:15:12.983",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192422"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6441803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6441803"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-02 19:15
Modified
2024-11-21 05:32
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/181122VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6325343Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/181122VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6325343Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm engineering_requirements_management_doors_next 7.0.1
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm eni 7.0
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0363B97-BA15-49D0-A28B-2EE000AD5B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:eni:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C3EC655-99F2-4DA2-A5D9-3F858562F63A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122."
    },
    {
      "lang": "es",
      "value": "Las aplicaciones basadas en IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 181122"
    }
  ],
  "id": "CVE-2020-4445",
  "lastModified": "2024-11-21T05:32:44.740",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-02T19:15:18.033",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181122"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6325343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6325343"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-08-04 16:15
Modified
2024-11-21 05:32
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/182435VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6255694Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/182435VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6255694Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_workflow_management 7.0.0
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 7.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85A23CBA-BE41-43C2-9F9F-429D696C1622",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 182435"
    }
  ],
  "id": "CVE-2020-4525",
  "lastModified": "2024-11-21T05:32:50.750",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-04T16:15:12.583",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182435"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6255694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6255694"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-16 15:15
Modified
2024-11-21 04:44
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/172887VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6249135Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/172887VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6249135Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_workflow_management 7.0
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887."
    },
    {
      "lang": "es",
      "value": "IBM Team Concert (RTC) es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.  IBM X-Force ID: 172887"
    }
  ],
  "id": "CVE-2019-4747",
  "lastModified": "2024-11-21T04:44:05.793",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-16T15:15:27.627",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172887"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6249135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172887"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6249135"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-04 19:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/194707VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/194707VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm doors_next 7.0.1
ibm doors_next 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_lifecycle_management 7.0.2
ibm engineering_requirements_quality_assistant_on-premises *
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm global_configuration_management *
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "578775A7-94F0-4715-B239-5712B3726A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Engineering son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 194707"
    }
  ],
  "id": "CVE-2021-20350",
  "lastModified": "2024-11-21T05:46:26.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-04T19:15:13.563",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194707"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-27 17:15
Modified
2024-11-21 05:32
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/182434VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6408694Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/182434VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6408694Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm engineering_insights 7.0
ibm engineering_lifecycle_management 7.0
ibm engineering_requirements_management_doors_next 6.0.2
ibm engineering_requirements_management_doors_next 6.0.6
ibm engineering_requirements_management_doors_next 6.0.6.1
ibm engineering_requirements_management_doors_next 7.0
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 6.0.2
ibm engineering_workflow_management 6.0.6
ibm engineering_workflow_management 6.0.6.1
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.2
ibm global_configuration_management *
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rhapsody_design_manager 6.0.2
ibm rhapsody_design_manager 6.0.6
ibm rhapsody_design_manager 6.0.6.1
ibm rhapsody_design_manager 7.0
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1
ibm rhapsody_model_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7A8206-BB16-4559-A672-54C80FE1F32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC36ADE-3058-4210-8C8D-5B4E458FAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3093272-25CB-4478-9729-CD2E4710361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FE328F-EAED-41C4-B0E1-B1B824CE4D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3C3F43-9613-42DC-B20F-C136C70A98D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA5B410-20C9-4B68-87C1-C0ECA72041E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA73A7F-6455-40C1-BF2E-EA4832D788AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F487060D-11AE-4048-B26F-F35320646340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7ED890-DF29-4351-9569-C85482D079AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E773AC51-4CE1-4040-B568-EF17B025C4AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation, son vulnerables a ataques de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 182434"
    }
  ],
  "id": "CVE-2020-4524",
  "lastModified": "2024-11-21T05:32:50.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-27T17:15:11.057",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-28 13:15
Modified
2024-11-21 05:33
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/192434VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6475919Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/192434VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6475919Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization_-_engineering_insights 7.0
ibm engineering_lifecycle_optimization_-_engineering_insights 7.0.1
ibm engineering_lifecycle_optimization_-_engineering_insights 7.0.2
ibm engineering_requirements_quality_assistant_on-premises *
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_doors_next_generation 7.0
ibm rational_doors_next_generation 7.0.1
ibm rational_doors_next_generation 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation son vulnerables a la falsificaci\u00f3n de solicitudes del lado del servidor (SSRF). Esto puede permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda conducir a la enumeraci\u00f3n de la red o facilitar otros ataques. ID de IBM X-Force: 192434"
    }
  ],
  "id": "CVE-2020-4974",
  "lastModified": "2024-11-21T05:33:29.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-28T13:15:08.113",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6475919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6475919"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-02 19:15
Modified
2024-11-21 05:32
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/182397VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6325343Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/182397VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6325343Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm engineering_requirements_management_doors_next 7.0.1
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm eni 7.0
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0363B97-BA15-49D0-A28B-2EE000AD5B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:eni:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C3EC655-99F2-4DA2-A5D9-3F858562F63A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397."
    },
    {
      "lang": "es",
      "value": "Las Aplicaciones basadas en IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 182397"
    }
  ],
  "id": "CVE-2020-4522",
  "lastModified": "2024-11-21T05:32:50.497",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-02T19:15:18.297",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182397"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6325343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6325343"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-30 17:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/196623VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/196623VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_insights 7.0
ibm engineering_insights 7.0.1
ibm engineering_insights 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_requirements_quality_assistant_on-premises -
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm rational_team_concert 6.0.6.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBDD077-488A-45C6-AD72-3D79361509E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623."
    },
    {
      "lang": "es",
      "value": "Los Productos de IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista conllevando a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 196623."
    }
  ],
  "id": "CVE-2021-20447",
  "lastModified": "2024-11-21T05:46:36.607",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-30T17:15:16.477",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196623"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196623"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-30 17:15
Modified
2024-11-21 05:46
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Summary
IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/198059VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/198059VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6437579Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_insights 7.0
ibm engineering_insights 7.0.1
ibm engineering_insights 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_requirements_quality_assistant_on-premises -
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm rational_team_concert 6.0.6.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE02ED7-E365-4AAF-9935-19E0B4711BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBDD077-488A-45C6-AD72-3D79361509E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059."
    },
    {
      "lang": "es",
      "value": "Los Productos de IBM Jazz Foundation son vulnerables a un ataque de  tipo XML External Entity Injection (XXE) al procesar datos XML.\u0026#xa0;Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de la memoria.\u0026#xa0;IBM X-Force ID: 198059."
    }
  ],
  "id": "CVE-2021-20502",
  "lastModified": "2024-11-21T05:46:41.000",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-30T17:15:16.603",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198059"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6437579"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-08 21:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/188127VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6398742Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/188127VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6398742Vendor Advisory
Impacted products
Vendor Product Version
ibm collaborative_lifecycle_management 6.0.2
ibm collaborative_lifecycle_management 6.0.6
ibm collaborative_lifecycle_management 6.0.6.1
ibm doors_next 7.0
ibm doors_next 7.0.1
ibm engineering_insights 7.0
ibm engineering_insights 7.0.1
ibm engineering_lifecycle_management 7.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.6
ibm rational_rhapsody_design_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm reference_data_management 7.0
ibm reference_data_management 7.0.1
ibm rhapsody_model_manager 6.0.2
ibm rhapsody_model_manager 6.0.6
ibm rhapsody_model_manager 6.0.6.1
ibm rhapsody_model_manager 7.0
ibm rhapsody_model_manager 7.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC1773-1BAE-4407-A9EE-49A87E513BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "61692657-A7BD-4A51-A435-E0497EEA9C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A2E713-1053-4697-A50E-567952929367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:reference_data_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C081789-7184-4010-8D6C-0791658108B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:reference_data_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FB0140E-68A4-4FA7-B32C-3F41FCCDED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E734FCD2-89E0-4F7E-80E2-A705B127E326",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 188127"
    }
  ],
  "id": "CVE-2020-4733",
  "lastModified": "2024-11-21T05:33:11.367",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-08T21:15:12.437",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398742"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-04 19:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/190742VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/190742VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6417585Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm doors_next 7.0.1
ibm doors_next 7.0.2
ibm engineering_lifecycle_management 7.0
ibm engineering_lifecycle_management 7.0.1
ibm engineering_lifecycle_management 7.0.2
ibm engineering_requirements_quality_assistant_on-premises *
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm global_configuration_management *
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B31C8-6BB6-4C46-A836-2B029909B079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "578775A7-94F0-4715-B239-5712B3726A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Engineering son vulnerables a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 190742"
    }
  ],
  "id": "CVE-2020-4866",
  "lastModified": "2024-11-21T05:33:20.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-04T19:15:13.333",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190742"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6417585"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}