CVE-2020-4989Resource Exposure in IBM Engineering Workflow Management

CWE-668Resource Exposure4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 63.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Engineering Workflow ManagementIBM Rational Team Concert
Timeline
PublishedMar 15
Latest updateMar 16

Description

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5ibm/rational_team_concert6.0.6, 6.0.6.1+1
NVDibm/rational_team_concert5 versions+4
CVEListV5ibm/engineering_workflow_management7.0, 7.0.1, 7.0.2+2

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

3
GHSA
GHSA-93xg-j32h-9qvg: IBM Engineering Workflow Management 72022-03-16
CVEList
CVE-2020-4989: IBM Engineering Workflow Management 72022-03-15
OSV
bluez vulnerabilities2021-06-16
CVE-2020-4989 — Resource Exposure in IBM | cvebase