What is CVE-2019-4748?

CVE-2019-4748 is a vulnerability in IBM Jazz Team Server-based Applications that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.

How severe is CVE-2019-4748?

CVE-2019-4748 has a severity value of 5.4, which is considered medium.

Which IBM products are affected by CVE-2019-4748?

IBM ETM 7.0, IBM RQM 6.0.6.1, IBM RQM 6.0.6, IBM RQM 6.0.2, IBM DOORS Next 7.0, IBM RDNG 6.0.2, IBM RDNG 6.0.6.1, IBM RDNG 6.0.6, IBM EWM 7.0, IBM RTC 6.0.2, IBM RTC 6.0.6.1, IBM RTC 6.0.6, IBM ELM 7.0, IBM CLM 6.0.6.1, IBM CLM 6.0.6, IBM CLM 6.0.2, IBM RDM 7.0, IBM Rhapsody DM 6.0.6, and IBM Rhapsody DM 6.0.6.1 are affected by CVE-2019-4748.

How can I fix CVE-2019-4748 vulnerability?

To fix the CVE-2019-4748 vulnerability, IBM recommends applying the necessary patches and fixes provided by IBM.

Where can I find more information about CVE-2019-4748 vulnerability?

More information about the CVE-2019-4748 vulnerability can be found on the IBM X-Force ID: 173174 page and the IBM support website.

Vulnerability/
CVE-2019-4748

medium

5.4

CWE

13/7/2020

15/7/2020

4/8/2024

CVE-2019-4748: XSS

First published: Mon Jul 13 2020(Updated: )

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Engineering Test Management (ETM)	<=7.0
IBM Rational Quality Manager	<=6.0.6.1
IBM Rational Quality Manager	<=6.0.6
IBM Rational Quality Manager	<=6.0.2
IBM Rational DOORS Next Generation	<=7.0
IBM Rational DOORS Next Generation	<=6.0.2
IBM Rational DOORS Next Generation	<=6.0.6.1
IBM Rational DOORS Next Generation	<=6.0.6
IBM Engineering Workflow Management (EWM)	<=7.0
IBM Rational Team Concert	<=6.0.2
IBM Rational Team Concert	<=6.0.6.1
IBM Rational Team Concert	<=6.0.6
IBM Engineering Lifecycle Management (ELM)	<=7.0
IBM Engineering Lifecycle Management	<=6.0.6.1
IBM Engineering Lifecycle Management	<=6.0.6
IBM Engineering Lifecycle Management	<=6.0.2
IBM InfoSphere Master Data Management	<=7.0
IBM Rational Rhapsody	<=6.0.6
IBM Rational Rhapsody	<=6.0.6.1
IBM Rational Rhapsody	<=6.0.2
IBM Collaborative Lifecycle Management	=6.0.2
IBM Collaborative Lifecycle Management	=6.0.6
IBM Collaborative Lifecycle Management	=6.0.6.1
IBM Rational DOORS Next Generation	=7.0
IBM Collaborative Lifecycle Management	=7.0
IBM Engineering Test Management (ETM)	=7.0
IBM Engineering Workflow Management (EWM)	=7.0
IBM Rational DOORS	=6.0.2
IBM Rational DOORS	=6.0.6
IBM Rational DOORS	=6.0.6.1
IBM Rational Quality Manager	=6.0.2
IBM Rational Quality Manager	=6.0.6
IBM Rational Quality Manager	=6.0.6.1
IBM Rational Team Concert	=6.0.2
IBM Rational Team Concert	=6.0.6
IBM Rational Team Concert	=6.0.6.1
IBM InfoSphere Master Data Management	=7.0
IBM Rational Rhapsody	=6.0.2
IBM Rational Rhapsody	=6.0.6
IBM Rational Rhapsody	=6.0.6.1

Remedy

https://www.ibm.com/support/pages/node/6249133

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6249133

Frequently Asked Questions

What is CVE-2019-4748?
CVE-2019-4748 is a vulnerability in IBM Jazz Team Server-based Applications that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.
How severe is CVE-2019-4748?
CVE-2019-4748 has a severity value of 5.4, which is considered medium.
Which IBM products are affected by CVE-2019-4748?
IBM ETM 7.0, IBM RQM 6.0.6.1, IBM RQM 6.0.6, IBM RQM 6.0.2, IBM DOORS Next 7.0, IBM RDNG 6.0.2, IBM RDNG 6.0.6.1, IBM RDNG 6.0.6, IBM EWM 7.0, IBM RTC 6.0.2, IBM RTC 6.0.6.1, IBM RTC 6.0.6, IBM ELM 7.0, IBM CLM 6.0.6.1, IBM CLM 6.0.6, IBM CLM 6.0.2, IBM RDM 7.0, IBM Rhapsody DM 6.0.6, and IBM Rhapsody DM 6.0.6.1 are affected by CVE-2019-4748.
How can I fix CVE-2019-4748 vulnerability?
To fix the CVE-2019-4748 vulnerability, IBM recommends applying the necessary patches and fixes provided by IBM.
Where can I find more information about CVE-2019-4748 vulnerability?
More information about the CVE-2019-4748 vulnerability can be found on the IBM X-Force ID: 173174 page and the IBM support website.

agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/remedy
agent/author
agent/weakness
agent/severity
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/ibm
canonical/ibm engineering test management (etm)
version/ibm engineering test management (etm)/7.0
canonical/ibm rational quality manager
version/ibm rational quality manager/6.0.6.1
version/ibm rational quality manager/6.0.6
version/ibm rational quality manager/6.0.2
canonical/ibm rational doors next generation
version/ibm rational doors next generation/7.0
version/ibm rational doors next generation/6.0.2
version/ibm rational doors next generation/6.0.6.1
version/ibm rational doors next generation/6.0.6
canonical/ibm engineering workflow management (ewm)
version/ibm engineering workflow management (ewm)/7.0
canonical/ibm rational team concert
version/ibm rational team concert/6.0.2
version/ibm rational team concert/6.0.6.1
version/ibm rational team concert/6.0.6
canonical/ibm engineering lifecycle management (elm)
version/ibm engineering lifecycle management (elm)/7.0
canonical/ibm engineering lifecycle management
version/ibm engineering lifecycle management/6.0.6.1
version/ibm engineering lifecycle management/6.0.6
version/ibm engineering lifecycle management/6.0.2
canonical/ibm infosphere master data management
version/ibm infosphere master data management/7.0
canonical/ibm rational rhapsody
version/ibm rational rhapsody/6.0.6
version/ibm rational rhapsody/6.0.6.1
version/ibm rational rhapsody/6.0.2
canonical/ibm collaborative lifecycle management
version/ibm collaborative lifecycle management/6.0.2
version/ibm collaborative lifecycle management/6.0.6
version/ibm collaborative lifecycle management/6.0.6.1
version/ibm collaborative lifecycle management/7.0
canonical/ibm rational doors
version/ibm rational doors/6.0.2
version/ibm rational doors/6.0.6
version/ibm rational doors/6.0.6.1