Security Bulletin
Summary
There is a vulnerability CVE-2021-29701 which affects Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM).
Vulnerability Details
DESCRIPTION: IBM Engineering Workflow Management could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200657 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
Affected Product(s) | Version(s) |
IBM Engineering Workflow Management (EWM) | 7.0.2 |
IBM Engineering Workflow Management (EWM) | 7.0.1 |
IBM Engineering Workflow Management (EWM) | 7.0 |
Rational Team Concert (RTC) | 6.0.6.1 |
Rational Team Concert (RTC) | 6.0.6 |
Remediation/Fixes
For the 6.0.6 - 7.0.2 releases:
Upgrade to version 7.0.2 iFix012 or later
IBM Engineering Lifecycle Management 7.0.2 iFix012
IBM Engineering Workflow Management 7.0.2 iFix012
Upgrade to version 7.0.1 iFix014 or later
IBM Engineering Lifecycle Management 7.0.1 iFix014
IBM Engineering Workflow Management 7.0.1 iFix014
Upgrade to version 7.0 iFix013 or later
IBM Engineering Lifecycle Management 7.0 iFix013
IBM Engineering Workflow Management 7.0 iFix013
Upgrade to version 6.0.6.1 iFix022 or later
Rational Collaborative Lifecycle Management 6.0.6.1 iFix022
Rational Team Concert 6.0.6.1 iFix022
Upgrade to version 6.0.6 iFix024 or later
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Acknowledgement
Change History
10 Jan 2022: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
12 December 2022
UID
ibm16539546