CVE-2020-4732

CWE-200 — Information Exposure4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 56.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Engineering Lifecycle Optimization IBM Engineering Test Management IBM Rational Collaborative Lifecycle Management +9 more

Timeline

PublishedJun 2

Latest updateMay 24

Description

IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages16 packages

▶CVEListV5ibm/engineering_test_management7.0.0, 7.0.1+1

▶NVDibm/engineering_test_management7.0.0, 7.0.1+1

▶NVDibm/engineering_lifecycle_management7.0, 7.0.1, 7.0.2+2

▶CVEListV5ibm/engineering_lifecycle_optimization7.0, 7.0.1, 7.0.2+2

▶CVEListV5ibm/rational_engineering_lifecycle_manager5 versions+4

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-f76c-qgfq-83m9: IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restriction↗2022-05-24

▶

CVEList

CVE-2020-4732: IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restriction↗2021-06-02

▶

💬Community

Bugzilla

CVE-2019-4732 IBM JDK: untrusted DLL search path vulnerability↗2020-01-31

▶