Medium Severity

IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology

Share this post:

Multiple security vulnerabilities affect components used by the following products that may affect those products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) and Rational Software Architect Design Manager (RSA DM).

CVE(s): CVE-2019-4252, CVE-2019-4249, CVE-2018-1758, CVE-2018-1760, CVE-2018-1826, CVE-2018-1827, CVE-2018-1828, CVE-2018-1893, CVE-2018-1892, CVE-2019-4250, CVE-2018-1734, CVE-2019-4083, CVE-2019-4084

Affected product(s) and affected version(s):

Rational Collaborative Lifecycle Management 6.0 – 6.0.6.1
Rational Quality Manager 6.0 – 6.0.6.1
Rational Team Concert 6.0 – 6.0.6.1
Rational DOORS Next Generation 6.0 – 6.0.6.1
Rational Engineering Lifecycle Manager 6.0 – 6.0.6.1
Rational Rhapsody Design Manager 6.0 – 6.0.6.1
Rational Software Architect Design Manager 6.0 – 6.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10956525
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159883
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148605
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148614
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150429
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150430
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150431
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152157
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152156
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159648
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147838
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157383
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157384

More stories

IBM Security Bulletin: IBM FileNet Content Manager and Case Foundation security vulnerability in Process Orchestration Web Service logging

Oct 11, 2019 9:02 am EDT | Medium Severity

A security vulnerability in IBM FileNet Content Manager and Case Foundation, in some case, could contain user information in the log when Process Orchestration Web Services is invoked. CVE(s): CVE-2019-4572 Affected product(s) and affected version(s): FileNet Content Manager and Case Foundation 5.5.2, 5.5.3. This security vulnerability only exists in 5.5.2.0-P8CPE-IF001, 5.5.2.0-P8CPE-IF002 and 5.5.3.0-P8CPE (GA). Refer ...read more


IBM Security Bulletin: IBM FileNet Content Manager and Case Foundation are affected by Publicly disclosed vulnerability in Java July 2019

Oct 11, 2019 9:02 am EDT | Medium Severity

IBM FileNet Content Manager and Case Foundation has addressed the following vulnerabilities in versions 5.5.2 and 5.5.3. CVE(s): CVE-2019-2762, CVE-2019-2769 Affected product(s) and affected version(s): FileNet Content Manager and Case Foundation 5.5.2, 5.5.3 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://supportcontent.ibm.com/support/pages/node/967409X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/163826X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/163832 ...read more


IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Information Disclosure (CVE-2019-4512)

Oct 8, 2019 9:02 am EDT | Medium Severity

IBM Maximo Asset Management generates an error message that includes sensitive information that could be used in further attacks against the system. CVE(s): CVE-2019-4512 Affected product(s) and affected version(s): This vulnerability affects the following versions of the IBM Maximo Asset Management core product, and all other IBM Maximo Industry Solution and IBM Control Desk products, ...read more