Sensitive Information Exposure in IBM Engineering Workflow Management and Rational Team Concert
CVE-2020-4989

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Engineering Workflow Management; Rational Team Concert
Vendor: CVE Published:; 15 March 2022

What is CVE-2020-4989?

An authenticated user could exploit a vulnerability in IBM Engineering Workflow Management and IBM Rational Team Concert to gain unauthorized access to sensitive information regarding build definitions. This exposure may lead to potential data leakage, compromising the integrity and confidentiality of the information managed by these tools.

Affected Version(s)

Engineering Workflow Management 7.0

Engineering Workflow Management 7.0.1

Engineering Workflow Management 7.0.2

References

https://www.ibm.com/support/pages/node/6563261

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/192707

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2022
Vulnerability Reserved
Dec 30, 2019