CVE-2019-4603 — Incorrect Permission Assignment in IBM Rational Quality Manager

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 71.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Quality Manager

Timeline

PublishedApr 8

Latest updateMay 24

Description

IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/rational_quality_manager6.0.2, 6.0.6, 6.0.6.1+2

▶NVDibm/rational_quality_manager6.0.2, 6.0.6, 6.0.6.1+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-mmhw-p74f-f3j3: IBM Quality Manager (RQM) 6↗2022-05-24

▶

CVEList

CVE-2019-4603: IBM Quality Manager (RQM) 6↗2020-04-08

▶