CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
19.6%
There is a vulnerability CVE-2021-29701 which affects Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM).
CVEID:CVE-2021-29701
**DESCRIPTION:**IBM Engineering Workflow Management could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200657 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Engineering Workflow Management (EWM) | 7.0.2 |
IBM Engineering Workflow Management (EWM) | 7.0.1 |
IBM Engineering Workflow Management (EWM) | 7.0 |
Rational Team Concert (RTC) | 6.0.6.1 |
Rational Team Concert (RTC) | 6.0.6 |
For the 6.0.6 - 7.0.2 releases:
Upgrade to version 7.0.2 iFix012 or later
IBM Engineering Lifecycle Management 7.0.2 iFix012
IBM Engineering Workflow Management 7.0.2 iFix012
Upgrade to version 7.0.1 iFix014 or later
IBM Engineering Lifecycle Management 7.0.1 iFix014
IBM Engineering Workflow Management 7.0.1 iFix014
Upgrade to version 7.0 iFix013 or later
IBM Engineering Lifecycle Management 7.0 iFix013
IBM Engineering Workflow Management 7.0 iFix013
Upgrade to version 6.0.6.1 iFix022 or later
Rational Collaborative Lifecycle Management 6.0.6.1 iFix022
Rational Team Concert 6.0.6.1 iFix022
Upgrade to version 6.0.6 iFix024 or later
Rational Collaborative Lifecycle Management 6.0.6 iFix024
Rational Team Concert 6.0.6 iFix024
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | engineering_workflow_management | 7.0 | cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:* |
ibm | engineering_workflow_management | 7.0.1 | cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:* |
ibm | rational_team_concert | 6.0.6 | cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:* |
ibm | rational_team_concert | 6.0.6.1 | cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
19.6%