CVE-2019-4603

Published: Apr 8, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295.

Affected (3)

Products: Ibm: Rational Quality Manager

Ibm

1 product

Rational Quality Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Quality Manager	Version 6.0.2
Ibm Rational Quality Manager	Version 6.0.6.1
Ibm Rational Quality Manager	Version 6.0.6

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/168295

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6172629

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/168295

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6172629

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.