CVE-2020-4495

high-risk

Published 2021-06-02

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.

Do I need to act?

~

1.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

8

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Collaborative Lifecycle Management

Collaborative Lifecycle Management

Engineering Lifecycle Management

Engineering Lifecycle Management

Engineering Lifecycle Management

Engineering Lifecycle Optimization - Engineering Insights

Engineering Lifecycle Optimization - Engineering Insights

Engineering Lifecycle Optimization - Engineering Insights

Engineering Lifecycle Optimization - Publishing

Engineering Lifecycle Optimization - Publishing

Engineering Lifecycle Optimization - Publishing

Engineering Test Management

Engineering Test Management

Rational Doors Next Generation

Rational Doors Next Generation

Rational Doors Next Generation

Rational Doors Next Generation

Rational Doors Next Generation

Rational Engineering Lifecycle Manager

Rational Engineering Lifecycle Manager

Affected Vendors

Ibm

References (4)

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/182114

Patch https://www.ibm.com/support/pages/node/6457739

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/182114

Patch https://www.ibm.com/support/pages/node/6457739

55

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 4/34 · Minimal

Exposure 21/34 · High