What is the severity of CVE-2020-4487?

The severity of CVE-2020-4487 is medium with a CVSS score of 4.3.

Which products are affected by CVE-2020-4487?

The products affected by CVE-2020-4487 include IBM Collaborative Lifecycle Management, IBM DOORS Next, IBM Engineering Insights, IBM Engineering Lifecycle Management, IBM Engineering Test Management, and IBM Engineering Workflow Management, among others.

How can a remote attacker exploit CVE-2020-4487?

A remote attacker can exploit CVE-2020-4487 by sending a specially crafted request to the vulnerable system and obtaining sensitive information from the detailed technical error message returned in the browser.

Is there a fix for CVE-2020-4487?

Yes, IBM has provided fixes for the affected products. It is recommended to apply the latest security updates to mitigate the vulnerability.

Vulnerability/
CVE-2020-4487

medium

4.3

CWE

209

7/1/2021

4/8/2024

CVE-2020-4487

Q: What is CVE-2020-4487?

CVE-2020-4487 is a vulnerability that allows a remote attacker to obtain sensitive information in IBM Engineering Workflow Management.

First published: Thu Jan 07 2021(Updated: )

IBM Engineering Workflow Management could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Removable Media Manager	<=6.0.6.1
IBM Removable Media Manager	<=6.0.6
IBM Removable Media Manager	<=7.0
IBM Removable Media Manager	<=7.0.1
IBM Removable Media Manager	<=6.0.2
IBM Engineering Lifecycle Management (ELM)	<=6.0.6.1
IBM Engineering Lifecycle Management (ELM)	<=6.0.6
IBM ENI	<=7.0
IBM ENI	<=7.0.1
IBM Engineering Lifecycle Management (ELM)	<=6.0.2
IBM Engineering Workflow Management (EWM)	<=7.0.1
IBM Rational Team Concert	<=6.0.6
IBM Rational Team Concert	<=6.0.2
IBM Rational Team Concert	<=6.0.6.1
IBM Engineering Workflow Management (EWM)	<=7.0
IBM Engineering Lifecycle Management	<=6.0.6.1
IBM Engineering Lifecycle Management	<=6.0.6
IBM Engineering Lifecycle Management (ELM)	<=7.0
IBM Engineering Lifecycle Management (ELM)	<=7.0.1
IBM Engineering Lifecycle Management	<=6.0.2
IBM Rational Rhapsody	<=6.0.6
IBM Rational Rhapsody	<=6.0.6.1
IBM Rational Rhapsody	<=6.0.2
IBM InfoSphere Master Data Management	<=7.0
IBM InfoSphere Master Data Management	<=7.0.1
IBM Rational Quality Manager (RQM)	<=6.0.6.1
IBM Rational Quality Manager (RQM)	<=6.0.6
IBM Engineering Test Management (ETM)	<=7.0.0
IBM Rational Quality Manager (RQM)	<=6.0.2
IBM Rational DOORS Next Generation	<=6.0.2
IBM Rational DOORS Next Generation	<=7.0
IBM Rational DOORS Next Generation	<=7.0.1
IBM Rational DOORS Next Generation	<=6.0.6.1
IBM Rational DOORS Next Generation	<=6.0.6
IBM Collaborative Lifecycle Management	=6.0.2
IBM Collaborative Lifecycle Management	=6.0.6
IBM Collaborative Lifecycle Management	=6.0.6.1
IBM Rational DOORS Next Generation	=7.0
IBM Rational DOORS Next Generation	=7.0.1
IBM Engineering Insights	=7.0
IBM Engineering Insights	=7.0.1
IBM Engineering Lifecycle Manager	=7.0
IBM Engineering Lifecycle Manager	=7.0.1
IBM Engineering Test Management (ETM)	=7.0.0
IBM Engineering Workflow Management (EWM)	=7.0
IBM Engineering Workflow Management (EWM)	=7.0.1
IBM Engineering Requirements Management DOORS Next Generation	=6.0.2
IBM Engineering Requirements Management DOORS Next Generation	=6.0.6
IBM Engineering Requirements Management DOORS Next Generation	=6.0.6.1
IBM Engineering Lifecycle Manager	=6.0.6
IBM Engineering Lifecycle Manager	=6.0.6.1
IBM Rational Quality Manager	=6.0.2
IBM Rational Quality Manager	=6.0.6
IBM Rational Quality Manager	=6.0.6.1
IBM Rational Rhapsody	=6.0.2
IBM Rational Rhapsody	=6.0.6
IBM Rational Rhapsody	=6.0.6.1
IBM Rational Team Concert	=6.0.2
IBM Rational Team Concert	=6.0.6
IBM Rational Team Concert	=6.0.6.1
IBM InfoSphere Master Data Management	=7.0
IBM InfoSphere Master Data Management	=7.0.1
IBM Rhapsody Model Manager	=6.0.2
IBM Rhapsody Model Manager	=6.0.6
IBM Rhapsody Model Manager	=6.0.6.1
IBM Rhapsody Model Manager	=7.0
IBM Rhapsody Model Manager	=7.0.1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6398742

Frequently Asked Questions

What is CVE-2020-4487?
CVE-2020-4487 is a vulnerability that allows a remote attacker to obtain sensitive information in IBM Engineering Workflow Management.
What is the severity of CVE-2020-4487?
The severity of CVE-2020-4487 is medium with a CVSS score of 4.3.
Which products are affected by CVE-2020-4487?
The products affected by CVE-2020-4487 include IBM Collaborative Lifecycle Management, IBM DOORS Next, IBM Engineering Insights, IBM Engineering Lifecycle Management, IBM Engineering Test Management, and IBM Engineering Workflow Management, among others.
How can a remote attacker exploit CVE-2020-4487?
A remote attacker can exploit CVE-2020-4487 by sending a specially crafted request to the vulnerable system and obtaining sensitive information from the detailed technical error message returned in the browser.
Is there a fix for CVE-2020-4487?
Yes, IBM has provided fixes for the affected products. It is recommended to apply the latest security updates to mitigate the vulnerability.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/source
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/ibm
canonical/ibm removable media manager
version/ibm removable media manager/6.0.6.1
version/ibm removable media manager/6.0.6
version/ibm removable media manager/7.0
version/ibm removable media manager/7.0.1
version/ibm removable media manager/6.0.2
canonical/ibm engineering lifecycle management (elm)
version/ibm engineering lifecycle management (elm)/6.0.6.1
version/ibm engineering lifecycle management (elm)/6.0.6
canonical/ibm eni
version/ibm eni/7.0
version/ibm eni/7.0.1
version/ibm engineering lifecycle management (elm)/6.0.2
canonical/ibm engineering workflow management (ewm)
version/ibm engineering workflow management (ewm)/7.0.1
canonical/ibm rational team concert
version/ibm rational team concert/6.0.6
version/ibm rational team concert/6.0.2
version/ibm rational team concert/6.0.6.1
version/ibm engineering workflow management (ewm)/7.0
canonical/ibm engineering lifecycle management
version/ibm engineering lifecycle management/6.0.6.1
version/ibm engineering lifecycle management/6.0.6
version/ibm engineering lifecycle management (elm)/7.0
version/ibm engineering lifecycle management (elm)/7.0.1
version/ibm engineering lifecycle management/6.0.2
canonical/ibm rational rhapsody
version/ibm rational rhapsody/6.0.6
version/ibm rational rhapsody/6.0.6.1
version/ibm rational rhapsody/6.0.2
canonical/ibm infosphere master data management
version/ibm infosphere master data management/7.0
version/ibm infosphere master data management/7.0.1
canonical/ibm rational quality manager (rqm)
version/ibm rational quality manager (rqm)/6.0.6.1
version/ibm rational quality manager (rqm)/6.0.6
canonical/ibm engineering test management (etm)
version/ibm engineering test management (etm)/7.0.0
version/ibm rational quality manager (rqm)/6.0.2
canonical/ibm rational doors next generation
version/ibm rational doors next generation/6.0.2
version/ibm rational doors next generation/7.0
version/ibm rational doors next generation/7.0.1
version/ibm rational doors next generation/6.0.6.1
version/ibm rational doors next generation/6.0.6
canonical/ibm collaborative lifecycle management
version/ibm collaborative lifecycle management/6.0.2
version/ibm collaborative lifecycle management/6.0.6
version/ibm collaborative lifecycle management/6.0.6.1
canonical/ibm engineering insights
version/ibm engineering insights/7.0
version/ibm engineering insights/7.0.1
canonical/ibm engineering lifecycle manager
version/ibm engineering lifecycle manager/7.0
version/ibm engineering lifecycle manager/7.0.1
canonical/ibm engineering requirements management doors next generation
version/ibm engineering requirements management doors next generation/6.0.2
version/ibm engineering requirements management doors next generation/6.0.6
version/ibm engineering requirements management doors next generation/6.0.6.1
version/ibm engineering lifecycle manager/6.0.6
version/ibm engineering lifecycle manager/6.0.6.1
canonical/ibm rational quality manager
version/ibm rational quality manager/6.0.2
version/ibm rational quality manager/6.0.6
version/ibm rational quality manager/6.0.6.1
canonical/ibm rhapsody model manager
version/ibm rhapsody model manager/6.0.2
version/ibm rhapsody model manager/6.0.6
version/ibm rhapsody model manager/6.0.6.1
version/ibm rhapsody model manager/7.0
version/ibm rhapsody model manager/7.0.1

CVE-2020-4487

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is CVE-2020-4487?

What is the severity of CVE-2020-4487?

Which products are affected by CVE-2020-4487?

How can a remote attacker exploit CVE-2020-4487?

Is there a fix for CVE-2020-4487?

Company

Resources

Contact