High Severity

Security Bulletin: Security Vulnerabilities in IBM® Java SDK July 2021 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology

Share this post:

There are multiple vulnerabilities in IBM® SDK Java Technology Edition from July 2021 CPU that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Lifecycle Optimization – Engineering Insights (ENI), IBM Engineering Lifecycle Optimization – Publishing (PUB), IBM Engineering Workflow Management (EWM), IBM Engineering Test Management (ETM), IBM Engineering Systems Design Rhapsody – Design Manager (RDM), IBM Engineering Systems Design Rhapsody – Model Manager (RMM), IBM Engineering Requirements Quality Assistant On-Premises (RQA). These issues were disclosed as part of the IBM Java SDK updates in April 2021.

CVE(s): CVE-2021-2388 , CVE-2021-2369 , CVE-2021-2432

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Rhapsody DM 6.0.6
IBM Engineering Systems Design Rhapsody – Design Manager RDM 7.0.1
Rhapsody DM 7.0.2
Rhapsody DM 6.0.6.1
RDM 7.0
PUB 7.0.1
PUB 7.0.2
RPE 6.0.6
RPE 6.0.6.1
PUB 7.0
EWM 7.0.2
EWM 7.0.1
RTC 6.0.6.1
EWM 7.0
RTC 6.0.6
RQM 6.0.6.1
ETM 7.0.1
ETM 7.0.2
RQM 6.0.6
ETM 7.0.0
CLM 6.0.6.1
CLM 6.0.6
ELM 7.0.2
ELM 7.0
ELM 7.0.1
IBM Engineering Requirements Quality Assistant On-Premises All
DOORS Next 7.0.2
DOORS Next 7.0
DOORS Next 7.0.1
RDNG 6.0.6.1
RDNG 6.0.6
RELM 6.0.6.1
ENI 7.0.1
RELM 6.0.6
ENI 7.0
ENI 7.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6488937
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205815
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205796
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205856

More stories

Security Bulletin: Multiple vulnerabilities in Golang Go affect Cloud Pak System

August 16, 2022 | High Severity

Multiple vulnerabilities in Golang Go affect Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. ...read more


Security Bulletin: Vulnerabilities in Intel Chipset affect IBM Cloud Pak System (CVE-2021-0060, CVE-2021-0147, CVE-2021-33080)

August 16, 2022 | High Severity

Vulnerabilities in Intel Chipset affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. ...read more


Security Bulletin: IBM InfoSphere Identity Insight vulnerabilities in third party libraries (CVE-2021-39239, CVE-2022-23308, CVE-2021-29424, CVE-2020-15250, 177835)

August 16, 2022 | High Severity

A vulnerability in the libxml2 library can cause a denial of service in IBM InfoSphere Identity Insight. Other vulnerabilities that do not impact Identity Insight are present in four libraries that are currently included with the product but not used. ...read more