Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD00CE0285A4F7F2D040FEB9E42204B251DB78A299D7FFC4E7348291016376C6E
HistoryJun 01, 2020 - 9:25 p.m.

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affects IBM Engineering ELM products on IBM Jazz technology.

2020-06-0121:25:46
www.ibm.com
16

EPSS

0.001

Percentile

39.9%

JSON

Summary

There are multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty that affect IBM Engineering Products based on IBM Jazz technology.

Vulnerability Details

Refer to the security bulletins(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
CLM 6.0.6.1
CLM 6.0.6
CLM 6.0.2
ELM 7.0
Rhapsody DM 6.0.6
Rhapsody DM 6.0.6.1
Rhapsody DM 6.0.2
RDM 7.0
DNG 6.0.6
DNG 6.0.6.1
DNG 6.0.2
DOORS Next 7.0
RTC 6.0.2
RTC 6.0.6.1
EWM 7.0
RTC 6.0.6
RQM 6.0.6.1
RQM 6.0.6
ETM 7.0.0
RQM 6.0.2

Remediation/Fixes

The IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version, some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published.

For ELM applications version 6.0 to 7.0 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:

Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)

Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)

Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2020-4421)

Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)

Workarounds and Mitigations

None

Related

redhat 1
ibm 142
prion 4
cvelist 4
nessus 3
nvd 4
cve 4
redhat
redhat
(RHSA-2020:2054) Important: Open Liberty 20.0.0.5 Runtime security update
2020-05-11 13:29:28
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2020-4276, CVE-2020-4362, CVE-2020-4329)
2020-05-25 04:34:43
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2020-4362)
2020-05-28 21:20:37
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2020-4362)
2020-04-10 14:32:07
prion
prion
Privilege escalation
2020-04-10 14:15:00
Code injection
2020-05-06 14:15:00
Server side request forgery (ssrf)
2020-05-14 16:15:00
cvelist
cvelist
CVE-2020-4362
2020-04-10 14:00:17
CVE-2020-4421
2020-05-06 13:45:19
CVE-2020-4365
2020-05-14 15:50:45
nessus
nessus
IBM WebSphere Application Server 8.5.x < 8.5.5.18 Server-side Request Forgery (6209099)
2020-07-29 00:00:00
IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.17 / 9.0.0.0 <= 9.0.5.3 Privilege Escalation (CVE-2020-4362)
2020-04-17 00:00:00
IBM WebSphere Application Server 7.0 < 7.0.0.46 / 8.0 < 8.0.0.16 / 8.5 < 8.5.5.18 / 9.0 < 9.0.5.4 / Liberty 17.0.0.3 < 20.0.0.5 Information Disclosure
2020-05-08 00:00:00
nvd
nvd
CVE-2020-4421
2020-05-06 14:15:10
CVE-2020-4365
2020-05-14 16:15:15
CVE-2020-4362
2020-04-10 14:15:12
cve
cve
CVE-2020-4421
2020-05-06 14:15:10
CVE-2020-4365
2020-05-14 16:15:15
CVE-2020-4329
2020-04-28 14:15:14

EPSS

0.001

Percentile

39.9%

JSON
Related for D00CE0285A4F7F2D040FEB9E42204B251DB78A299D7FFC4E7348291016376C6E
redhat1ibm142prion4cvelist4nessus3nvd4cve4