CVE-2020-4495

Description

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.

Related CPE's

aibmcollaborative_lifecycle_management6.0.6*******

vulnerable

aibmcollaborative_lifecycle_management6.0.6.1*******

vulnerable

aibmengineering_lifecycle_management7.0*******

vulnerable

aibmengineering_lifecycle_management7.0.1*******

vulnerable

aibmengineering_lifecycle_management7.0.2*******

vulnerable

aibmengineering_lifecycle_optimization_-_engineering_insights7.0*******

vulnerable

aibmengineering_lifecycle_optimization_-_engineering_insights7.0.1*******

vulnerable

aibmengineering_lifecycle_optimization_-_engineering_insights7.0.2*******

vulnerable

aibmengineering_lifecycle_optimization_-_publishing7.0*******

vulnerable

aibmengineering_lifecycle_optimization_-_publishing7.0.1*******

vulnerable

References

https://www.ibm.com/support/pages/node/6457739

PatchVendor Advisory

ibm-rhapsody-cve20204495-sec-bypass (182114)

VDB EntryVendor Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

8.8

VectorString

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

COMPLETE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

9

VectorString

AV:N/AC:L/Au:S/C:C/I:C/A:C

Version

2.0

AccessVector

NETWORK

Authentication

SINGLE

Created by Yello
About Severity.io