There is a vulnerability CVE-2020-4989 which affects Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM).
CVEID:CVE-2020-4989
**DESCRIPTION:**IBM Engineering Workflow Management could allow an authenticated user to obtain sensitive information about build definitions.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192707 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
RTC | 6.0.6 |
RTC | 6.0.6.1 |
EWM | 7.0 |
EWM | 7.0.1 |
EWM | 7.0.2 |
For the 6.0.6 - 7.0.2 releases:
Upgrade to version 7.0.2 iFix005 or later
IBM Engineering Lifecycle Management 7.0.2 iFix005
IBM Engineering Workflow Management 7.0.2 iFix005
Upgrade to version 7.0.1 iFix013 or later
IBM Engineering Lifecycle Management 7.0.1 iFix013
IBM Engineering Workflow Management 7.0.1 iFix013
Upgrade to version 7.0 iFix013 or later
IBM Engineering Lifecycle Management 7.0 iFix013
IBM Engineering Workflow Management 7.0 iFix013
Upgrade to version 6.0.6.1 iFix021 or later
Rational Collaborative Lifecycle Management 6.0.6.1 iFix021
Rational Team Concert 6.0.6.1 iFix021
Upgrade to version 6.0.6 iFix025 or later
Rational Collaborative Lifecycle Management 6.0.6 iFix025
Rational Team Concert 6.0.6 iFix025
None