CVE-2019-4084

EUVD-2019-13691
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
ibmCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/UI:N/AV:N/PR:L/S:U/I:N/C:L/AC:L/A:N/RC:C/E:U/RL:O
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
ibmrational_collaborative_lifecycle_management
6.0 ≤
𝑥
≤ 6.0.6.1
ibmrational_doors_next_generation
6.0 ≤
𝑥
≤ 6.0.6.1
ibmrational_engineering_lifecycle_manager
6.0 ≤
𝑥
≤ 6.0.6.1
ibmrational_quality_manager
6.0 ≤
𝑥
≤ 6.0.6.1
ibmrational_rhapsody_design_manager
6.0 ≤
𝑥
≤ 6.0.6.1
ibmrational_software_architect_design_manager
6.0 ≤
𝑥
≤ 6.0.1
ibmrational_team_concert
6.0 ≤
𝑥
≤ 6.0.6.1
𝑥
= Vulnerable software versions
References
http://www.ibm.com/support/docview.wss?uid=ibm10956525
https://exchange.xforce.ibmcloud.com/vulnerabilities/157384
http://www.ibm.com/support/docview.wss?uid=ibm10956525
https://exchange.xforce.ibmcloud.com/vulnerabilities/157384