High Severity

Security Bulletin: Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products.

Share this post:

There are multiple vulnerabilities that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Workflow Management (EWM), IBM Engineering Lifecycle Optimization – Engineering Insights (ENI), IBM Engineering Requirements Quality Assistant On-Premises.

CVE(s): CVE-2020-5004, CVE-2020-4974, CVE-2018-10237, CVE-2015-5237, CVE-2021-23841, CVE-2021-23840, CVE-2021-23839

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
EWM 7.0.1
EWM 7.0
RTC 6.0.6
EWM 7.0.2
DOORS Next 7.0.2
DOORS Next 7.0
DOORS Next 7.0.1
RDNG 6.0.6
IBM Engineering Requirements Quality Assistant On-Premises All
ENI 7.0.1
RELM 6.0.6
ENI 7.0
RELM 6.0.2
ENI 7.0.2
ETM 7.0.1
RQM 6.0.6
ETM 7.0.0
ETM 7.0.2
CLM 6.0.6
ELM 7.0
CLM 6.0.2
ELM 7.0.1
ELM 7.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6475919
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192957
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192434
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/142508
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/105989
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196847
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196848
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196849

More stories

Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7774)

Sep 25, 2021 8:00 pm EDT | High Severity

IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. ...read more

Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

Sep 24, 2021 8:00 pm EDT | High Severity

The Planning Analytics Workspace component of IBM Planning Analytics is affected by vulnerabilities These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 68. ...read more

Security Bulletin: Integrated application server and integrated web services for IBM i are affected by CVE-2021-35517 and CVE-2021-36090

Sep 24, 2021 8:00 pm EDT | High Severity

There are multiple vulnerabilities in the Apache Commons Compress library as described in the vulnerability details section. The Apache Commons Compress library is used by WebSphere Application Server Liberty on IBM i. WebSphere Application Server Liberty is the runtime that is used by integrated application server and integrated web services server. IBM i has addressed the vulnerability in the WebSphere Application Server Liberty implementation. ...read more