CVE-2020-4410

CWE-200 — Information Exposure6 documents4 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 73.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Rhapsody Design Manager IBM Engineering Test Management

Timeline

PublishedAug 4

Latest updateMay 24

Description

IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶NVDibm/engineering_test_management7.0.0

▶CVEListV5ibm/rational_rhapsody_design_manager6.0.2, 7.0+1

▶NVDibm/rational_rhapsody_design_manager6.0.2, 7.0.0+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-7xmx-g36g-cqwh: IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on↗2022-05-24

▶

CVEList

CVE-2020-4410: IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on↗2020-08-04

▶

💥Exploits & PoCs

Exploit-DB

Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure↗2020-11-19

▶

Exploit-DB

Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF↗2020-11-09

▶

Exploit-DB

Genexis Platinum-4410 2.1 - Authentication Bypass↗2020-01-24

▶