What is CVE-2020-4865?

CVE-2020-4865 is a vulnerability in IBM Engineering Workflow Management that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.

What is the severity of CVE-2020-4865?

The severity of CVE-2020-4865 is medium with a CVSS score of 5.4.

Which products are affected by CVE-2020-4865?

IBM Engineering Workflow Management (versions up to 7.0.2) and other IBM Jazz Foundation products (versions up to 6.0.2 and 6.0.6.1) are affected by CVE-2020-4865.

How can I fix CVE-2020-4865?

To fix CVE-2020-4865, it is recommended to upgrade IBM Engineering Workflow Management and other affected products to the latest available version.

Where can I find more information about CVE-2020-4865?

You can find more information about CVE-2020-4865 on the IBM X-Force Exchange (CVE-2020-4865) and IBM Support websites.

Vulnerability/
CVE-2020-4865

medium

5.4

CWE

26/1/2021

27/1/2021

16/9/2024

CVE-2020-4865: XSS

First published: Tue Jan 26 2021(Updated: )

IBM Engineering Workflow Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Collaborative Lifecycle Management	=6.0.2
Ibm Collaborative Lifecycle Management	=6.0.6
Ibm Collaborative Lifecycle Management	=6.0.6.1
IBM ENI	=7.0
IBM Engineering Lifecycle Management	=7.0
IBM Engineering Requirements Management DOORS Next	=6.0.2
IBM Engineering Requirements Management DOORS Next	=6.0.6
IBM Engineering Requirements Management DOORS Next	=6.0.6.1
IBM Engineering Requirements Management DOORS Next	=7.0
IBM Engineering Test Management	=7.0.0
IBM Engineering Workflow Management	=6.0.2
IBM Engineering Workflow Management	=6.0.6
IBM Engineering Workflow Management	=6.0.6.1
IBM Engineering Workflow Management	=7.0
IBM Engineering Workflow Management	=7.0.2
IBM Global Configuration Management
IBM Rational Engineering Lifecycle Manager	=6.0.2
IBM Rational Engineering Lifecycle Manager	=6.0.6
IBM Rational Engineering Lifecycle Manager	=6.0.6.1
IBM Rational Quality Manager	=6.0.2
IBM Rational Quality Manager	=6.0.6
IBM Rational Quality Manager	=6.0.6.1
Ibm Rhapsody Design Manager	=6.0.2
Ibm Rhapsody Design Manager	=6.0.6
Ibm Rhapsody Design Manager	=6.0.6.1
Ibm Rhapsody Design Manager	=7.0
IBM Rhapsody Model Manager	=6.0.2
IBM Rhapsody Model Manager	=6.0.6
IBM Rhapsody Model Manager	=6.0.6.1
IBM Rhapsody Model Manager	=7.0
	<=7.0.2
	<=6.0.2
	<=6.0.6.1
	<=7.0
	<=6.0.6
	<=6.0.2
	<=7.0
	<=6.0.6.1
	<=6.0.6
	<=6.0.6
	<=6.0.6.1
	<=6.0.2
	<=7.0
	<=6.0.6.1
	<=6.0.6
	<=7.0
	<=6.0.2
	<=6.0.6.1
	<=6.0.6
	<=7.0
	<=6.0.2
	<=6.0.6.1
	<=6.0.6
	<=7.0.0
	<=6.0.2
	<=6.0.6.1
	<=6.0.6
	<=7.0
	<=6.0.2
	<=All

Remedy

https://www.ibm.com/support/pages/node/6408694

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6408694

Frequently Asked Questions

What is CVE-2020-4865?
CVE-2020-4865 is a vulnerability in IBM Engineering Workflow Management that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.
What is the severity of CVE-2020-4865?
The severity of CVE-2020-4865 is medium with a CVSS score of 5.4.
Which products are affected by CVE-2020-4865?
IBM Engineering Workflow Management (versions up to 7.0.2) and other IBM Jazz Foundation products (versions up to 6.0.2 and 6.0.6.1) are affected by CVE-2020-4865.
How can I fix CVE-2020-4865?
To fix CVE-2020-4865, it is recommended to upgrade IBM Engineering Workflow Management and other affected products to the latest available version.
Where can I find more information about CVE-2020-4865?
You can find more information about CVE-2020-4865 on the IBM X-Force Exchange (CVE-2020-4865) and IBM Support websites.

collector/nvd-index
agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/weakness
agent/remedy
agent/author
agent/severity
agent/description
agent/softwarecombine
agent/tags
agent/event
collector/mitre-cve
source/MITRE
vendor/ibm
canonical/ibm collaborative lifecycle management
version/ibm collaborative lifecycle management/6.0.2
version/ibm collaborative lifecycle management/6.0.6
version/ibm collaborative lifecycle management/6.0.6.1
canonical/ibm eni
version/ibm eni/7.0
canonical/ibm engineering lifecycle management
version/ibm engineering lifecycle management/7.0
canonical/ibm engineering requirements management doors next
version/ibm engineering requirements management doors next/6.0.2
version/ibm engineering requirements management doors next/6.0.6
version/ibm engineering requirements management doors next/6.0.6.1
version/ibm engineering requirements management doors next/7.0
canonical/ibm engineering test management
version/ibm engineering test management/7.0.0
canonical/ibm engineering workflow management
version/ibm engineering workflow management/6.0.2
version/ibm engineering workflow management/6.0.6
version/ibm engineering workflow management/6.0.6.1
version/ibm engineering workflow management/7.0
version/ibm engineering workflow management/7.0.2
canonical/ibm global configuration management
canonical/ibm rational engineering lifecycle manager
version/ibm rational engineering lifecycle manager/6.0.2
version/ibm rational engineering lifecycle manager/6.0.6
version/ibm rational engineering lifecycle manager/6.0.6.1
canonical/ibm rational quality manager
version/ibm rational quality manager/6.0.2
version/ibm rational quality manager/6.0.6
version/ibm rational quality manager/6.0.6.1
canonical/ibm rhapsody design manager
version/ibm rhapsody design manager/6.0.2
version/ibm rhapsody design manager/6.0.6
version/ibm rhapsody design manager/6.0.6.1
version/ibm rhapsody design manager/7.0
canonical/ibm rhapsody model manager
version/ibm rhapsody model manager/6.0.2
version/ibm rhapsody model manager/6.0.6
version/ibm rhapsody model manager/6.0.6.1
version/ibm rhapsody model manager/7.0
canonical/ibm ewm
version/ibm ewm/7.0.2
canonical/ibm rtc
version/ibm rtc/6.0.2
version/ibm rtc/6.0.6.1
version/ibm ewm/7.0
version/ibm rtc/6.0.6
canonical/ibm rdng
version/ibm rdng/6.0.2
canonical/ibm doors next
version/ibm doors next/7.0
version/ibm rdng/6.0.6.1
version/ibm rdng/6.0.6
canonical/ibm rhapsody dm
version/ibm rhapsody dm/6.0.6
version/ibm rhapsody dm/6.0.6.1
version/ibm rhapsody dm/6.0.2
canonical/ibm rdm
version/ibm rdm/7.0
canonical/ibm rmm
version/ibm rmm/6.0.6.1
version/ibm rmm/6.0.6
version/ibm rmm/7.0
version/ibm rmm/6.0.2
canonical/ibm clm
version/ibm clm/6.0.6.1
version/ibm clm/6.0.6
canonical/ibm elm
version/ibm elm/7.0
version/ibm clm/6.0.2
canonical/ibm rqm
version/ibm rqm/6.0.6.1
version/ibm rqm/6.0.6
canonical/ibm etm
version/ibm etm/7.0.0
version/ibm rqm/6.0.2
canonical/ibm relm
version/ibm relm/6.0.6.1
version/ibm relm/6.0.6
version/ibm relm/6.0.2
version/ibm global configuration management/all