High Severity

Security Bulletin: Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products.

Share this post:

There are multiple vulnerabilities that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Workflow Management (EWM), IBM Engineering Systems Design Rhapsody, IBM Engineering Requirements Quality Assistant On-Premises.

CVE(s): CVE-2020-8908, CVE-2021-29786, CVE-2021-29774, CVE-2021-29713, CVE-2021-27219, CVE-2021-29673, CVE-2018-1000632, CVE-2020-10683, CVE-2021-29844

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
CLM 6.0.6.1
CLM 6.0.6
ELM 7.0.2
ELM 7.0
ELM 7.0.1
IBM Engineering Requirements Quality Assistant 1.0
IBM Engineering Requirements Quality Assistant On-Premises All
EWM 7.0.2
EWM 7.0.1
RTC 6.0.2
RTC 6.0.6.1
EWM 7.0
RTC 6.0.6
IBM Engineering Systems Design Rhapsody All
DOORS Next 7.0.2
DOORS Next 7.0
DOORS Next 7.0.1
RDNG 6.0.6.1
RDNG 6.0.6

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6508583
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192996
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/203172
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/203025
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200967
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196782
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199482
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148750
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/181356
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205205

More stories

Security Bulletin: This Power System update is being released to address CVE 2020-25705

Dec 2, 2021 7:02 pm EST | High Severity

POWER9: In response to security issues with BMC's UDP network service, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2020-25705. ...read more


Security Bulletin: This Power System update is being released to address CVE 2020-1971

Dec 2, 2021 7:02 pm EST | High Severity

POWER9: In response to a security issue with BMC's HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2020-1971. ...read more


Security Bulletin: Vulnerabilities in Node.js affect IBM Integration Bus v10 (CVE-2021-37713)

Dec 2, 2021 7:01 pm EST | High Severity

IBM Integration Bus ships with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. ...read more