High Severity

Security Bulletin: Security Vulnerabilities in IBM® Java SDK July 2021 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology


There are multiple vulnerabilities in IBM® SDK Java Technology Edition from the July 2021 CPU, which is used by IBM Jazz Team Server. They affect the following IBM Jazz Team Server based applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Lifecycle Optimization – Engineering Insights (ENI), IBM Engineering Lifecycle Optimization – Publishing (PUB), IBM Engineering Workflow Management (EWM), IBM Engineering Test Management (ETM), IBM Engineering Systems Design Rhapsody – Design Manager (RDM), IBM Engineering Systems Design Rhapsody – Model Manager (RMM), IBM Engineering Requirements Quality Assistant On-Premises (RQA). These issues were disclosed as part of the IBM Java SDK updates in April 2021.

CVE(s): CVE-2021-2388, CVE-2021-2369, CVE-2021-2432

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| Rhapsody DM | 6.0.6 |
| IBM Engineering Systems Design Rhapsody – Design Manager RDM | 7.0.1 |
| Rhapsody DM | 7.0.2 |
| Rhapsody DM | 6.0.6.1 |
| RDM | 7.0 |
| PUB | 7.0.1 |
| PUB | 7.0.2 |
| RPE | 6.0.6 |
| RPE | 6.0.6.1 |
| PUB | 7.0 |
| EWM | 7.0.2 |
| EWM | 7.0.1 |
| RTC | 6.0.6.1 |
| EWM | 7.0 |
| RTC | 6.0.6 |
| RQM | 6.0.6.1 |
| ETM | 7.0.1 |
| ETM | 7.0.2 |
| RQM | 6.0.6 |
| ETM | 7.0.0 |
| CLM | 6.0.6.1 |
| CLM | 6.0.6 |
| ELM | 7.0.2 |
| ELM | 7.0 |
| ELM | 7.0.1 |
| IBM Engineering Requirements Quality Assistant On-Premises | All |
| DOORS Next | 7.0.2 |
| DOORS Next | 7.0 |
| DOORS Next | 7.0.1 |
| RDNG | 6.0.6.1 |
| RDNG | 6.0.6 |
| RELM | 6.0.6.1 |
| ENI | 7.0.1 |
| RELM | 6.0.6 |
| ENI | 7.0 |
| ENI | 7.0.2 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6488937
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205815
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205796
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205856
