Security Bulletin
Summary
Multiple vulnerabilities in IBM Jazz Team Server and in third-party components it uses (Guava, GNOME GLib, dom4j) affect the following IBM Jazz Team Server based applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Workflow Management (EWM), IBM Engineering Systems Design Rhapsody, IBM Engineering Requirements Quality Assistant On-Premises.
Vulnerability Details
CVEID: CVE-2020-8908
DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation vulnerability in com.google.common.io.Files.createTempDir(). By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192996 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
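The Guava issue above is a classic insecure temp-directory pattern: a name derived from the clock and a counter, created with whatever permissions the process umask allows, so other local users can read what the application drops there. The following is an added example (not IBM's or Guava's code, written in Python rather than Java so it runs stand-alone) that mirrors that pattern beside the hardened equivalent and checks the resulting mode bits. The umask value and directory names are assumptions for the demo; the check is POSIX-specific.

```python
"""Added example, not IBM's or Guava's code: the insecure temp-directory
pattern behind CVE-2020-8908 (time-based name, default permissions) next to
the hardened equivalent, with a permission check. POSIX-only: the mode-bit
check relies on umask semantics."""
import os
import shutil
import stat
import tempfile
import time


def create_temp_dir_guava_style(parent: str) -> str:
    """Mirror of the vulnerable pattern: name derived from the clock plus a
    counter, created with mkdir and the process umask. Nothing here asks for
    owner-only access, so with the common umask of 022 the directory is
    readable by every local user."""
    base = f"{int(time.time() * 1000)}-"
    for i in range(10000):
        path = os.path.join(parent, base + str(i))
        try:
            os.mkdir(path)          # mode 0o777 & ~umask, typically 0o755
        except FileExistsError:
            continue
        return path
    raise OSError("could not create a temp directory")


def create_temp_dir_hardened(parent: str) -> str:
    """Hardened equivalent: unpredictable name and mode 0o700 regardless of
    umask (java.nio.file.Files.createTempDirectory behaves the same way)."""
    return tempfile.mkdtemp(dir=parent)


def readable_by_others(path: str) -> bool:
    """True if group or world has any permission bit on the directory."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def temp_dir_demo():
    """Create both kinds of directory under a scratch parent with umask 022
    (assumed as the usual default) and report whether other local users can
    read them. Returns (guava_style_readable, hardened_readable)."""
    parent = tempfile.mkdtemp()
    old_umask = os.umask(0o022)
    try:
        weak = create_temp_dir_guava_style(parent)
        strong = create_temp_dir_hardened(parent)
        return readable_by_others(weak), readable_by_others(strong)
    finally:
        os.umask(old_umask)
        shutil.rmtree(parent, ignore_errors=True)


if __name__ == "__main__":
    print("guava-style readable by others: %s, hardened: %s" % temp_dir_demo())
```

The same check (group/world bits on directories under the Java temp directory) is a quick way to confirm on a deployed server whether any component is still creating shared-readable scratch directories.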
CVEID: CVE-2021-29786
DESCRIPTION: IBM Jazz Foundation stores user credentials in clear text which can be read by an authenticated user.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203172 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2021-29774
DESCRIPTION: IBM Engineering Requirements Quality Assistant could allow an authenticated user to obtain elevated privileges under certain configurations.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203025 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2021-29713
DESCRIPTION: IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200967 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2021-27219
DESCRIPTION: GNOME GLib could allow a remote attacker to cause a denial of service, caused by an integer overflow in the g_bytes_new function. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196782 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-29673
DESCRIPTION: IBM Engineering Workflow Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199482 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2018-1000632
DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a specially-crafted XML content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148750 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2020-10683
DESCRIPTION: dom4j could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181356 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
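The dom4j XXE item above describes the usual mechanism: the attacker's document carries an inline DTD that declares an external entity pointing at a server-side file, and a parser that resolves external general entities splices that file's content into the parsed data. The following is an added example (not IBM's or dom4j's code; Python's xml.sax is used instead of a Java parser because the flaw class and the fix are the same) that runs one constructed payload through a vulnerable and a hardened parser configuration. The secret file and the payload are constructed for the demo.

```python
"""Added example, not IBM's or dom4j's code: the XML external entity (XXE)
disclosure pattern described for dom4j, demonstrated with Python's xml.sax,
beside the parser setting that closes it. The secret file and the payload
are constructed here for the demo."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class _TextCollector(ContentHandler):
    """Gathers the character data the application would go on to store or
    return to the caller; leaked entity content ends up here."""

    def __init__(self):
        super().__init__()
        self._parts = []

    def characters(self, content):
        self._parts.append(content)

    def text(self) -> str:
        return "".join(self._parts)


def parse_untrusted_xml(xml_bytes: bytes, resolve_external_entities: bool) -> str:
    """Parse attacker-controlled XML. With external general entities enabled the
    parser opens whatever SYSTEM identifier the inline DTD names and splices
    the content into the document; with them disabled the reference is dropped."""
    parser = xml.sax.make_parser()
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.setFeature(feature_external_ges, resolve_external_entities)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text()


def xxe_demo(secret: str = "db.password=s3cr3t"):
    """Return (vulnerable_output, hardened_output) for the same payload."""
    # Constructed stand-in for a server-side file the attacker cannot read directly.
    with tempfile.NamedTemporaryFile("w", suffix=".properties", delete=False) as f:
        f.write(secret)
        secret_path = f.name
    # Constructed payload: declare an external entity pointing at that file,
    # then reference it from an ordinary element the server will read back.
    payload = (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE req [<!ENTITY xxe SYSTEM "{secret_path}">]>\n'
        "<req><name>&xxe;</name></req>"
    ).encode()
    try:
        vulnerable = parse_untrusted_xml(payload, resolve_external_entities=True)
        hardened = parse_untrusted_xml(payload, resolve_external_entities=False)
    finally:
        os.unlink(secret_path)
    return vulnerable, hardened


if __name__ == "__main__":
    leaked, safe = xxe_demo()
    print("external entities on :", repr(leaked))
    print("external entities off:", repr(safe))
```

Whatever the parser, the hardening is the same: disable external general and parameter entities (and DOCTYPE processing altogether where the format does not need it) before feeding it anything from the network.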
CVEID: CVE-2021-29844
DESCRIPTION: IBM Engineering Requirements Management DOORS Next is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205205 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Products and Versions
Affected Product(s) | Version(s) |
ELM | 7.0, 7.0.1, 7.0.2 |
CLM | 6.0.6, 6.0.6.1 |
DOORS Next | 7.0, 7.0.1, 7.0.2 |
RDNG | 6.0.6, 6.0.6.1 |
EWM | 7.0, 7.0.1, 7.0.2 |
RTC | 6.0.2, 6.0.6, 6.0.6.1 |
IBM Engineering Requirements Quality Assistant | 1.0 |
IBM Engineering Requirements Quality Assistant On-Premises | All |
IBM Engineering Systems Design Rhapsody | All |
Remediation/Fixes
For the 6.0.6 - 7.0.2 releases:
Upgrade to version 7.0.2 iFix005 or later
- IBM Engineering Lifecycle Management 7.0.2 iFix007
- IBM Engineering Requirements Management DOORS Next 7.0.2 iFix007
- IBM Engineering Test Management 7.0.2 iFix007
- IBM Engineering Workflow Management 7.0.2 iFix007
- IBM Engineering Lifecycle Optimization - Engineering Insights: Upgrade to version 7.0.2 and install server from ELM 7.0.2 iFix007
- IBM Engineering Lifecycle Optimization - Publishing: Upgrade to version 7.0.2 and install server from ELM 7.0.2 iFix007
- IBM Engineering Systems Design Rhapsody - Design Manager: Upgrade to version 7.0.2 and install server from ELM 7.0.2 iFix007
- IBM Engineering Systems Design Rhapsody - Model Manager: Upgrade to version 7.0.2 and install server from ELM 7.0.2 iFix007
Upgrade to version 7.0.1 iFix010 or later
- IBM Engineering Lifecycle Management 7.0.1 iFix012
- IBM Engineering Requirements Management DOORS Next 7.0.1 iFix012
- IBM Engineering Test Management 7.0.1 iFix012
- IBM Engineering Workflow Management 7.0.1 iFix012
- IBM Engineering Lifecycle Optimization - Engineering Insights: Upgrade to version 7.0.1 and install server from ELM 7.0.1 iFix012
- IBM Engineering Lifecycle Optimization - Publishing: Upgrade to version 7.0.1 and install server from ELM 7.0.1 iFix012
- IBM Engineering Systems Design Rhapsody - Design Manager: Upgrade to version 7.0.1 and install server from ELM 7.0.1 iFix012
- IBM Engineering Systems Design Rhapsody - Model Manager: Upgrade to version 7.0.1 and install server from ELM 7.0.1 iFix012
Upgrade to version 7.0 iFix010 or later
- IBM Engineering Lifecycle Management 7.0 iFix012
- IBM Engineering Requirements Management DOORS Next 7.0 iFix012
- IBM Engineering Test Management 7.0 iFix012
- IBM Engineering Workflow Management 7.0 iFix012
- IBM Engineering Lifecycle Optimization - Engineering Insights: Upgrade to version 7.0 and install server from ELM 7.0 iFix012
- IBM Engineering Lifecycle Optimization - Publishing: Upgrade to version 7.0 and install server from ELM 7.0 iFix012
- IBM Engineering Systems Design Rhapsody - Design Manager: Upgrade to version 7.0 and install server from ELM 7.0 iFix012
- IBM Engineering Systems Design Rhapsody - Model Manager: Upgrade to version 7.0 and install server from ELM 7.0 iFix012
Upgrade to version 6.0.6.1 iFix018 or later
- Rational Collaborative Lifecycle Management 6.0.6.1 iFix020
- Rational DOORS Next Generation 6.0.6.1 iFix020
- Rational Quality Manager 6.0.6.1 iFix020
- Rational Team Concert 6.0.6.1 iFix020
- Rational Engineering Lifecycle Manager: Upgrade to version 6.0.6.1 and install server from CLM 6.0.6.1 iFix020
- Rational Publishing Engine: Upgrade to version 6.0.6.1 and install server from CLM 6.0.6.1 iFix020
- Rational Rhapsody Design Manager: Upgrade to version 6.0.6.1 and install server from CLM 6.0.6.1 iFix020
- IBM Rhapsody Model Manager: Upgrade to version 6.0.6.1 and install server from CLM 6.0.6.1 iFix020
- Rational Software Architect Design Manager: Upgrade to version 6.0.6.1 and install server from CLM 6.0.6.1 iFix020
Upgrade to version 6.0.6 iFix022 or later
- Rational Collaborative Lifecycle Management 6.0.6 iFix023
- Rational DOORS Next Generation 6.0.6 iFix023
- Rational Quality Manager 6.0.6 iFix023
- Rational Team Concert 6.0.6 iFix023
- Rational Engineering Lifecycle Manager: Upgrade to version 6.0.6 and install server from CLM 6.0.6 iFix023
- Rational Publishing Engine: Upgrade to version 6.0.6 and install server from CLM 6.0.6 iFix023
- Rational Rhapsody Design Manager: Upgrade to version 6.0.6 and install server from CLM 6.0.6 iFix023
- IBM Rhapsody Model Manager: Upgrade to version 6.0.6 and install server from CLM 6.0.6 iFix023
- Rational Software Architect Design Manager: Upgrade to version 6.0.6 and install server from CLM 6.0.6 iFix023
For IBM Engineering Requirements Quality Assistant On-Premises:
- Please follow the RQA Upgrade instructions.
For any prior versions of the products listed above, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
If the iFix is not found in the Fix Portal please contact IBM Support.
Workarounds and Mitigations
None
References
Acknowledgement
This vulnerability was reported to IBM by Julien Blin and Thibaut Poirier of Naval Group CERT.
Change History
25 Oct 2021: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Location
Worldwide
Document Information
Modified date:
25 October 2021
UID
ibm16508583