CVE-2020-4495
First published: Mon May 31 2021(Updated: )
IBM Engineering Systems Design Rhapsody - Model Manager could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Collaborative Lifecycle Management | =6.0.6 | |
| Ibm Collaborative Lifecycle Management | =6.0.6.1 | |
| IBM Engineering Lifecycle Management | =7.0 | |
| IBM Engineering Lifecycle Management | =7.0.1 | |
| IBM Engineering Lifecycle Management | =7.0.2 | |
| IBM Engineering Lifecycle Optimization - Engineering Insights | =7.0 | |
| IBM Engineering Lifecycle Optimization - Engineering Insights | =7.0.1 | |
| IBM Engineering Lifecycle Optimization - Engineering Insights | =7.0.2 | |
| IBM Engineering Lifecycle Optimization - Publishing | =7.0 | |
| IBM Engineering Lifecycle Optimization - Publishing | =7.0.1 | |
| IBM Engineering Lifecycle Optimization - Publishing | =7.0.2 | |
| IBM Engineering Test Management | =7.0.0 | |
| IBM Engineering Test Management | =7.0.1 | |
| IBM Rational DOORS Next Generation | =6.0.6 | |
| IBM Rational DOORS Next Generation | =6.0.6.1 | |
| IBM Rational DOORS Next Generation | =7.0 | |
| IBM Rational DOORS Next Generation | =7.0.1 | |
| IBM Rational DOORS Next Generation | =7.0.2 | |
| IBM Rational Engineering Lifecycle Manager | =6.0.6 | |
| IBM Rational Engineering Lifecycle Manager | =6.0.6.1 | |
| IBM Rational Quality Manager | =6.0.6 | |
| IBM Rational Quality Manager | =6.0.6.1 | |
| Ibm Removable Media Manager | =6.0.6 | |
| Ibm Removable Media Manager | =6.0.6.1 | |
| Ibm Removable Media Manager | =7.0 | |
| IBM DOORS Next | <=7.0.2 | |
| IBM DOORS Next | <=7.0 | |
| IBM DOORS Next | <=7.0.1 | |
| IBM RDNG | <=6.0.6.1 | |
| IBM RDNG | <=6.0.6 | |
| IBM Pub | <=7.0.1 | |
| IBM Pub | <=7.0.2 | |
| IBM Pub | <=7.0 | |
| IBM RQM | <=6.0.6.1 | |
| IBM ETM | <=7.0.1 | |
| IBM RQM | <=6.0.6 | |
| IBM ETM | <=7.0.0 | |
| IBM CLM | <=6.0.6.1 | |
| IBM CLM | <=6.0.6 | |
| IBM ELM | <=7.0.2 | |
| IBM ELM | <=7.0 | |
| IBM ELM | <=7.0.1 | |
| IBM RMM | <=6.0.6.1 | |
| IBM RMM | <=6.0.6 | |
| IBM RMM | <=7.0 | |
| IBM RELM | <=6.0.6.1 | |
| IBM ENI | <=7.0.1 | |
| IBM RELM | <=6.0.6 | |
| IBM ENI | <=7.0 | |
| IBM ENI | <=7.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2020-4495.
What is the severity level of CVE-2020-4495?
The severity level of CVE-2020-4495 is critical.
Which software versions are affected by CVE-2020-4495?
CVE-2020-4495 affects IBM Collaborative Lifecycle Management versions 6.0.6 and 6.0.6.1, IBM Engineering Lifecycle Management versions 7.0, 7.0.1, and 7.0.2, and other related IBM products.
What is the nature of this vulnerability?
CVE-2020-4495 is a security bypass vulnerability that allows a remote attacker to bypass access restrictions and execute arbitrary code.
Where can I find more information about CVE-2020-4495?
More information about CVE-2020-4495 can be found on the IBM X-Force Exchange website and the IBM support pages.
- agent/references
- agent/type
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/severity
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm collaborative lifecycle management
- version/ibm collaborative lifecycle management/6.0.6
- version/ibm collaborative lifecycle management/6.0.6.1
- canonical/ibm engineering lifecycle management
- version/ibm engineering lifecycle management/7.0
- version/ibm engineering lifecycle management/7.0.1
- version/ibm engineering lifecycle management/7.0.2
- canonical/ibm engineering lifecycle optimization - engineering insights
- version/ibm engineering lifecycle optimization - engineering insights/7.0
- version/ibm engineering lifecycle optimization - engineering insights/7.0.1
- version/ibm engineering lifecycle optimization - engineering insights/7.0.2
- canonical/ibm engineering lifecycle optimization - publishing
- version/ibm engineering lifecycle optimization - publishing/7.0
- version/ibm engineering lifecycle optimization - publishing/7.0.1
- version/ibm engineering lifecycle optimization - publishing/7.0.2
- canonical/ibm engineering test management
- version/ibm engineering test management/7.0.0
- version/ibm engineering test management/7.0.1
- canonical/ibm rational doors next generation
- version/ibm rational doors next generation/6.0.6
- version/ibm rational doors next generation/6.0.6.1
- version/ibm rational doors next generation/7.0
- version/ibm rational doors next generation/7.0.1
- version/ibm rational doors next generation/7.0.2
- canonical/ibm rational engineering lifecycle manager
- version/ibm rational engineering lifecycle manager/6.0.6
- version/ibm rational engineering lifecycle manager/6.0.6.1
- canonical/ibm rational quality manager
- version/ibm rational quality manager/6.0.6
- version/ibm rational quality manager/6.0.6.1
- canonical/ibm removable media manager
- version/ibm removable media manager/6.0.6
- version/ibm removable media manager/6.0.6.1
- version/ibm removable media manager/7.0
- canonical/ibm doors next
- version/ibm doors next/7.0.2
- version/ibm doors next/7.0
- version/ibm doors next/7.0.1
- canonical/ibm rdng
- version/ibm rdng/6.0.6.1
- version/ibm rdng/6.0.6
- canonical/ibm pub
- version/ibm pub/7.0.1
- version/ibm pub/7.0.2
- version/ibm pub/7.0
- canonical/ibm rqm
- version/ibm rqm/6.0.6.1
- canonical/ibm etm
- version/ibm etm/7.0.1
- version/ibm rqm/6.0.6
- version/ibm etm/7.0.0
- canonical/ibm clm
- version/ibm clm/6.0.6.1
- version/ibm clm/6.0.6
- canonical/ibm elm
- version/ibm elm/7.0.2
- version/ibm elm/7.0
- version/ibm elm/7.0.1
- canonical/ibm rmm
- version/ibm rmm/6.0.6.1
- version/ibm rmm/6.0.6
- version/ibm rmm/7.0
- canonical/ibm relm
- version/ibm relm/6.0.6.1
- canonical/ibm eni
- version/ibm eni/7.0.1
- version/ibm relm/6.0.6
- version/ibm eni/7.0
- version/ibm eni/7.0.2