High Severity

Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology

Multiple vulnerabilities in IBM® SDK Java Technology Edition, from the April 2020 CPU together with CVE-2019-2949 (deferred from the Oracle October 2019 CPU), affect IBM Jazz Team Server, which uses the SDK, and therefore the following IBM Jazz Team Server based applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Lifecycle Optimization – Engineering Insights (ENI), IBM Engineering Workflow Management (EWM), IBM Engineering Systems Design Rhapsody – Design Manager (RDM), and IBM Engineering Systems Design Rhapsody – Model Manager (RMM). These issues were disclosed as part of the IBM Java SDK updates in April 2020.

Affected product(s) and affected version(s):

Affected Product(s)    Version(s)
Rhapsody DM            6.0.6
Rhapsody DM            6.0.6.1
Rhapsody DM            6.0.2
RDM                    7.0
RPE                    2.1.0
RPE                    2.1.2
RPE                    6.0.6
RPE                    6.0.6.1
PUB                    7.0
RPE                    2.1.1
CLM                    6.0.6.1
CLM                    6.0.6
CLM                    6.0.2
ELM                    7.0
RELM                   6.0.6.1
RELM                   6.0.6
RELM                   6.0.2
ENI                    7.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6243888
