Unauthorized Access Vulnerability in IBM Jazz Foundation and Engineering Products
CVE-2020-4410

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Rational Rhapsody Design Manager
Vendor: CVE Published:; 4 August 2020

What is CVE-2020-4410?

IBM Jazz Foundation and IBM Engineering products are susceptible to an unauthorized access vulnerability, where an authenticated user can execute a specially crafted HTTP GET request. This action could allow access to sensitive attachments on the server that should remain restricted. Proper access controls and security measures are essential to mitigate this risk, as it can potentially lead to data exposure.

Affected Version(s)

Rational Rhapsody Design Manager 6.0.2

Rational Rhapsody Design Manager 7.0

References

https://www.ibm.com/support/pages/node/6255694

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/179539

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2020
Vulnerability Reserved
Dec 30, 2019