CVE-2020-4495

Published: Jun 2, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.

Affected (25)

Products: Ibm: Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization Engineering Insights, Engineering Lifecycle Optimization Publishing, Engineering Test Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager, Removable Media Manager

Ibm

9 products

Collaborative Lifecycle Management

Engineering Lifecycle Management

Engineering Lifecycle Optimization Engineering Insights

Engineering Lifecycle Optimization Publishing

Engineering Test Management

Rational Doors Next Generation

Rational Engineering Lifecycle Manager

Rational Quality Manager

Removable Media Manager

Configuration A

25 vulnerable

Vulnerable Software	Affected Versions
Ibm Collaborative Lifecycle Management	Version 6.0.6.1
Ibm Collaborative Lifecycle Management	Version 6.0.6
Ibm Engineering Lifecycle Management	Version 7.0.1
Ibm Engineering Lifecycle Management	Version 7.0.2
Ibm Engineering Lifecycle Management	Version 7.0
Ibm Engineering Lifecycle Optimization Engineering Insights	Version 7.0.1
Ibm Engineering Lifecycle Optimization Engineering Insights	Version 7.0.2
Ibm Engineering Lifecycle Optimization Engineering Insights	Version 7.0
Ibm Engineering Lifecycle Optimization Publishing	Version 7.0.1
Ibm Engineering Lifecycle Optimization Publishing	Version 7.0.2
Ibm Engineering Lifecycle Optimization Publishing	Version 7.0
Ibm Engineering Test Management	Version 7.0.0
Ibm Engineering Test Management	Version 7.0.1
Ibm Rational Doors Next Generation	Version 6.0.6.1
Ibm Rational Doors Next Generation	Version 6.0.6
Ibm Rational Doors Next Generation	Version 7.0.1
Ibm Rational Doors Next Generation	Version 7.0.2
Ibm Rational Doors Next Generation	Version 7.0
Ibm Rational Engineering Lifecycle Manager	Version 6.0.6.1
Ibm Rational Engineering Lifecycle Manager	Version 6.0.6
Ibm Rational Quality Manager	Version 6.0.6.1
Ibm Rational Quality Manager	Version 6.0.6
Ibm Removable Media Manager	Version 6.0.6.1
Ibm Removable Media Manager	Version 6.0.6
Ibm Removable Media Manager	Version 7.0

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/182114

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6457739

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/182114

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6457739

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.