CVE-2021-29786

CWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 75.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
IBM Engineering Lifecycle OptimizationIBM Engineering Workflow ManagementIBM Rational Collaborative Lifecycle Management+3 more
Timeline
PublishedOct 27
Latest updateMay 24

Description

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages12 packages

CVEListV5ibm/rational_team_concert6.0.2, 6.0.6, 6.0.6.1+2
NVDibm/rational_team_concert6.0.2, 6.0.6, 6.0.6.1+2
CVEListV5ibm/rational_doors_next_generation5 versions+4

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-x2h8-3vcp-jmgr: IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user2022-05-24
CVEList
CVE-2021-29786: IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user2021-10-27
CVE-2021-29786 (MEDIUM CVSS 6.5) | IBM Jazz Team Server products store | cvebase.io