Clear Text Credential Storage in IBM Jazz Team Server
CVE-2021-29786

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Engineering Lifecycle Optimization; Rational Collaborative Lifecycle Management; Rational Team Concert; Rational Doors Next Generation
Vendor: CVE Published:; 27 October 2021

What is CVE-2021-29786?

IBM Jazz Team Server products have a security flaw where user credentials are stored in clear text, allowing an authenticated user to access sensitive information. This oversight poses a significant risk to user data integrity and confidentiality. Protection measures should be considered to prevent unauthorized access to such credentials, thereby securing the application environment.

Affected Version(s)

Engineering Lifecycle Optimization 7.0.1

Engineering Lifecycle Optimization 7.0.2

Engineering Workflow Management 7.0

References

https://www.ibm.com/support/pages/node/6508583

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/203172

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2021
Vulnerability Reserved
Mar 31, 2021