What is the vulnerability ID of this vulnerability?

The vulnerability ID of this vulnerability is CVE-2020-4524.

What is the severity of CVE-2020-4524?

The severity of CVE-2020-4524 is medium with a severity value of 5.4.

Which products are affected by CVE-2020-4524?

IBM Jazz Foundation products like EWM, RTC, RDNG, Rhapsody DM, RDM, RMM, CLM, ELM, RQM, ENI, Global Configuration Management, RELM, and Engineering Workflow Management, are affected by CVE-2020-4524.

What is the risk of CVE-2020-4524?

CVE-2020-4524 allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.

Is there a fix available for CVE-2020-4524?

Yes, IBM has provided a fix for CVE-2020-4524. Please refer to the IBM support page for more information.

Vulnerability/
CVE-2020-4524

medium

5.4

CWE

26/1/2021

4/8/2024

CVE-2020-4524: XSS

First published: Tue Jan 26 2021(Updated: )

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Collaborative Lifecycle Management	=6.0.2
Ibm Collaborative Lifecycle Management	=6.0.6
Ibm Collaborative Lifecycle Management	=6.0.6.1
IBM ENI	=7.0
IBM Engineering Lifecycle Management	=7.0
IBM Engineering Requirements Management DOORS Next	=6.0.2
IBM Engineering Requirements Management DOORS Next	=6.0.6
IBM Engineering Requirements Management DOORS Next	=6.0.6.1
IBM Engineering Requirements Management DOORS Next	=7.0
IBM Engineering Test Management	=7.0.0
IBM Engineering Workflow Management	=6.0.2
IBM Engineering Workflow Management	=6.0.6
IBM Engineering Workflow Management	=6.0.6.1
IBM Engineering Workflow Management	=7.0
IBM Engineering Workflow Management	=7.0.2
IBM Global Configuration Management
IBM Rational Engineering Lifecycle Manager	=6.0.2
IBM Rational Engineering Lifecycle Manager	=6.0.6
IBM Rational Engineering Lifecycle Manager	=6.0.6.1
IBM Rational Quality Manager	=6.0.2
IBM Rational Quality Manager	=6.0.6
IBM Rational Quality Manager	=6.0.6.1
Ibm Rhapsody Design Manager	=6.0.2
Ibm Rhapsody Design Manager	=6.0.6
Ibm Rhapsody Design Manager	=6.0.6.1
Ibm Rhapsody Design Manager	=7.0
IBM Rhapsody Model Manager	=6.0.2
IBM Rhapsody Model Manager	=6.0.6
IBM Rhapsody Model Manager	=6.0.6.1
IBM Rhapsody Model Manager	=7.0
	<=7.0.2
	<=6.0.2
	<=6.0.6.1
	<=7.0
	<=6.0.6
	<=6.0.2
	<=7.0
	<=6.0.6.1
	<=6.0.6
	<=6.0.6
	<=6.0.6.1
	<=6.0.2
	<=7.0
	<=6.0.6.1
	<=6.0.6
	<=7.0
	<=6.0.2
	<=6.0.6.1
	<=6.0.6
	<=7.0
	<=6.0.2
	<=6.0.6.1
	<=6.0.6
	<=7.0.0
	<=6.0.2
	<=6.0.6.1
	<=6.0.6
	<=7.0
	<=6.0.2
	<=All

Remedy

https://www.ibm.com/support/pages/node/6408694

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6408694

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2020-4524.
What is the severity of CVE-2020-4524?
The severity of CVE-2020-4524 is medium with a severity value of 5.4.
Which products are affected by CVE-2020-4524?
IBM Jazz Foundation products like EWM, RTC, RDNG, Rhapsody DM, RDM, RMM, CLM, ELM, RQM, ENI, Global Configuration Management, RELM, and Engineering Workflow Management, are affected by CVE-2020-4524.
What is the risk of CVE-2020-4524?
CVE-2020-4524 allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.
Is there a fix available for CVE-2020-4524?
Yes, IBM has provided a fix for CVE-2020-4524. Please refer to the IBM support page for more information.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
agent/last-modified-date
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/weakness
agent/remedy
agent/author
agent/severity
agent/description
agent/softwarecombine
agent/tags
agent/event
collector/mitre-cve
source/MITRE
vendor/ibm
canonical/ibm collaborative lifecycle management
version/ibm collaborative lifecycle management/6.0.2
version/ibm collaborative lifecycle management/6.0.6
version/ibm collaborative lifecycle management/6.0.6.1
canonical/ibm eni
version/ibm eni/7.0
canonical/ibm engineering lifecycle management
version/ibm engineering lifecycle management/7.0
canonical/ibm engineering requirements management doors next
version/ibm engineering requirements management doors next/6.0.2
version/ibm engineering requirements management doors next/6.0.6
version/ibm engineering requirements management doors next/6.0.6.1
version/ibm engineering requirements management doors next/7.0
canonical/ibm engineering test management
version/ibm engineering test management/7.0.0
canonical/ibm engineering workflow management
version/ibm engineering workflow management/6.0.2
version/ibm engineering workflow management/6.0.6
version/ibm engineering workflow management/6.0.6.1
version/ibm engineering workflow management/7.0
version/ibm engineering workflow management/7.0.2
canonical/ibm global configuration management
canonical/ibm rational engineering lifecycle manager
version/ibm rational engineering lifecycle manager/6.0.2
version/ibm rational engineering lifecycle manager/6.0.6
version/ibm rational engineering lifecycle manager/6.0.6.1
canonical/ibm rational quality manager
version/ibm rational quality manager/6.0.2
version/ibm rational quality manager/6.0.6
version/ibm rational quality manager/6.0.6.1
canonical/ibm rhapsody design manager
version/ibm rhapsody design manager/6.0.2
version/ibm rhapsody design manager/6.0.6
version/ibm rhapsody design manager/6.0.6.1
version/ibm rhapsody design manager/7.0
canonical/ibm rhapsody model manager
version/ibm rhapsody model manager/6.0.2
version/ibm rhapsody model manager/6.0.6
version/ibm rhapsody model manager/6.0.6.1
version/ibm rhapsody model manager/7.0
canonical/ibm ewm
version/ibm ewm/7.0.2
canonical/ibm rtc
version/ibm rtc/6.0.2
version/ibm rtc/6.0.6.1
version/ibm ewm/7.0
version/ibm rtc/6.0.6
canonical/ibm rdng
version/ibm rdng/6.0.2
canonical/ibm doors next
version/ibm doors next/7.0
version/ibm rdng/6.0.6.1
version/ibm rdng/6.0.6
canonical/ibm rhapsody dm
version/ibm rhapsody dm/6.0.6
version/ibm rhapsody dm/6.0.6.1
version/ibm rhapsody dm/6.0.2
canonical/ibm rdm
version/ibm rdm/7.0
canonical/ibm rmm
version/ibm rmm/6.0.6.1
version/ibm rmm/6.0.6
version/ibm rmm/7.0
version/ibm rmm/6.0.2
canonical/ibm clm
version/ibm clm/6.0.6.1
version/ibm clm/6.0.6
canonical/ibm elm
version/ibm elm/7.0
version/ibm clm/6.0.2
canonical/ibm rqm
version/ibm rqm/6.0.6.1
version/ibm rqm/6.0.6
canonical/ibm etm
version/ibm etm/7.0.0
version/ibm rqm/6.0.2
canonical/ibm relm
version/ibm relm/6.0.6.1
version/ibm relm/6.0.6
version/ibm relm/6.0.2
version/ibm global configuration management/all