What is the severity of CVE-2020-4964?

The severity of CVE-2020-4964 is currently undisclosed, but it poses a risk of phishing through custom messages.

How do I fix CVE-2020-4964?

To fix CVE-2020-4964, apply the latest security updates provided by IBM for the affected products.

Which IBM products are affected by CVE-2020-4964?

CVE-2020-4964 affects various IBM products including RDNG, DOORS Next, RQM, ETM, among others, up to specified versions.

Can CVE-2020-4964 be exploited by unauthenticated users?

No, CVE-2020-4964 can only be exploited by authenticated users of the affected IBM applications.

Is there a workaround for CVE-2020-4964?

Currently, there is no specific workaround available for CVE-2020-4964, so applying patches is the recommended action.

Vulnerability/
CVE-2020-4964

medium

4.3

9/4/2021

4/8/2024

CVE-2020-4964

First published: Fri Apr 09 2021(Updated: )

IBM Jazz Foundation contains an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM RDNG	<=6.0.2
IBM DOORS Next	<=7.0.2
IBM DOORS Next	<=7.0
IBM DOORS Next	<=7.0.1
IBM RDNG	<=6.0.6.1
IBM RDNG	<=6.0.6
IBM RQM	<=6.0.6.1
IBM ETM	<=7.0.1
IBM RQM	<=6.0.6
IBM ETM	<=7.0.0
IBM RQM	<=6.0.2
IBM ETM	<=7.0.2
IBM Removable Media Manager	<=7.0.1
IBM Rhapsody Model Manager	<=6.0.6
IBM Removable Media Manager	<=6.0.6.1
IBM Rhapsody Model Manager	<=6.0.2
IBM Removable Media Manager	<=6.0.6
IBM Rhapsody Model Manager	<=6.0.6.1
IBM Removable Media Manager	<=7.0
IBM Removable Media Manager	<=6.0.2
IBM EWM	<=7.0.1
IBM RTC	<=6.0.2
IBM RTC	<=6.0.6.1
IBM EWM	<=7.0
IBM RTC	<=6.0.6
IBM EWM	<=7.0.2
IBM CLM	<=6.0.6.1
IBM CLM	<=6.0.6
IBM ELM	<=7.0
IBM CLM	<=6.0.2
IBM ELM	<=7.0.1
IBM ELM	<=7.0.2
IBM RELM	<=6.0.6.1
IBM ENI	<=7.0.1
IBM RELM	<=6.0.6
IBM ENI	<=7.0
IBM RELM	<=6.0.2
IBM ENI	<=7.0.2
IBM Collaborative Lifecycle Management	=6.0.2
IBM Collaborative Lifecycle Management	=6.0.6
IBM Collaborative Lifecycle Management	=6.0.6.1
IBM DOORS Next	=7.0.0
IBM DOORS Next	=7.0.1
IBM DOORS Next	=7.0.2
IBM Engineering Insights	=7.0.0
IBM Engineering Insights	=7.0.1
IBM Engineering Insights	=7.0.2
IBM Engineering Lifecycle Manager	=7.0.0
IBM Engineering Lifecycle Manager	=7.0.1
IBM Engineering Lifecycle Manager	=7.0.2
IBM Engineering Requirements Management DOORS Next	=6.0.2
IBM Engineering Requirements Management DOORS Next	=6.0.6
IBM Engineering Requirements Management DOORS Next	=6.0.6.1
IBM Engineering Test Management	=7.0.0
IBM Engineering Test Management	=7.0.1
IBM Engineering Test Management	=7.0.2
IBM Engineering Workflow Management	=7.0.0
IBM Engineering Workflow Management	=7.0.1
IBM Engineering Workflow Management	=7.0.2
IBM Engineering Lifecycle Manager	=6.0.2
IBM Engineering Lifecycle Manager	=6.0.6
IBM Engineering Lifecycle Manager	=6.0.6.1
IBM Rational Quality Manager	=6.0.2
IBM Rational Quality Manager	=6.0.6
IBM Rational Quality Manager	=6.0.6.1
IBM Rational Team Concert	=6.0.2
IBM Rational Team Concert	=6.0.6
IBM Rational Team Concert	=6.0.6.1
IBM Removable Media Management	=6.0.2
IBM Removable Media Management	=6.0.6
IBM Removable Media Management	=6.0.6.1
IBM Removable Media Management	=7.0.0
IBM Removable Media Management	=7.0.1
IBM Rhapsody Model Manager	=6.0.2
IBM Rhapsody Model Manager	=6.0.6
IBM Rhapsody Model Manager	=6.0.6.1

Remedy

https://www.ibm.com/support/pages/node/6441803

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6441803

Frequently Asked Questions

What is the severity of CVE-2020-4964?
The severity of CVE-2020-4964 is currently undisclosed, but it poses a risk of phishing through custom messages.
How do I fix CVE-2020-4964?
To fix CVE-2020-4964, apply the latest security updates provided by IBM for the affected products.
Which IBM products are affected by CVE-2020-4964?
CVE-2020-4964 affects various IBM products including RDNG, DOORS Next, RQM, ETM, among others, up to specified versions.
Can CVE-2020-4964 be exploited by unauthenticated users?
No, CVE-2020-4964 can only be exploited by authenticated users of the affected IBM applications.
Is there a workaround for CVE-2020-4964?
Currently, there is no specific workaround available for CVE-2020-4964, so applying patches is the recommended action.

agent/references
agent/type
agent/first-publish-date
agent/remedy
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/event
agent/trending
agent/source
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/ibm
canonical/ibm rdng
version/ibm rdng/6.0.2
canonical/ibm doors next
version/ibm doors next/7.0.2
version/ibm doors next/7.0
version/ibm doors next/7.0.1
version/ibm rdng/6.0.6.1
version/ibm rdng/6.0.6
canonical/ibm rqm
version/ibm rqm/6.0.6.1
canonical/ibm etm
version/ibm etm/7.0.1
version/ibm rqm/6.0.6
version/ibm etm/7.0.0
version/ibm rqm/6.0.2
version/ibm etm/7.0.2
canonical/ibm removable media manager
version/ibm removable media manager/7.0.1
canonical/ibm rhapsody model manager
version/ibm rhapsody model manager/6.0.6
version/ibm removable media manager/6.0.6.1
version/ibm rhapsody model manager/6.0.2
version/ibm removable media manager/6.0.6
version/ibm rhapsody model manager/6.0.6.1
version/ibm removable media manager/7.0
version/ibm removable media manager/6.0.2
canonical/ibm ewm
version/ibm ewm/7.0.1
canonical/ibm rtc
version/ibm rtc/6.0.2
version/ibm rtc/6.0.6.1
version/ibm ewm/7.0
version/ibm rtc/6.0.6
version/ibm ewm/7.0.2
canonical/ibm clm
version/ibm clm/6.0.6.1
version/ibm clm/6.0.6
canonical/ibm elm
version/ibm elm/7.0
version/ibm clm/6.0.2
version/ibm elm/7.0.1
version/ibm elm/7.0.2
canonical/ibm relm
version/ibm relm/6.0.6.1
canonical/ibm eni
version/ibm eni/7.0.1
version/ibm relm/6.0.6
version/ibm eni/7.0
version/ibm relm/6.0.2
version/ibm eni/7.0.2
canonical/ibm collaborative lifecycle management
version/ibm collaborative lifecycle management/6.0.2
version/ibm collaborative lifecycle management/6.0.6
version/ibm collaborative lifecycle management/6.0.6.1
version/ibm doors next/7.0.0
canonical/ibm engineering insights
version/ibm engineering insights/7.0.0
version/ibm engineering insights/7.0.1
version/ibm engineering insights/7.0.2
canonical/ibm engineering lifecycle manager
version/ibm engineering lifecycle manager/7.0.0
version/ibm engineering lifecycle manager/7.0.1
version/ibm engineering lifecycle manager/7.0.2
canonical/ibm engineering requirements management doors next
version/ibm engineering requirements management doors next/6.0.2
version/ibm engineering requirements management doors next/6.0.6
version/ibm engineering requirements management doors next/6.0.6.1
canonical/ibm engineering test management
version/ibm engineering test management/7.0.0
version/ibm engineering test management/7.0.1
version/ibm engineering test management/7.0.2
canonical/ibm engineering workflow management
version/ibm engineering workflow management/7.0.0
version/ibm engineering workflow management/7.0.1
version/ibm engineering workflow management/7.0.2
version/ibm engineering lifecycle manager/6.0.2
version/ibm engineering lifecycle manager/6.0.6
version/ibm engineering lifecycle manager/6.0.6.1
canonical/ibm rational quality manager
version/ibm rational quality manager/6.0.2
version/ibm rational quality manager/6.0.6
version/ibm rational quality manager/6.0.6.1
canonical/ibm rational team concert
version/ibm rational team concert/6.0.2
version/ibm rational team concert/6.0.6
version/ibm rational team concert/6.0.6.1
canonical/ibm removable media management
version/ibm removable media management/6.0.2
version/ibm removable media management/6.0.6
version/ibm removable media management/6.0.6.1
version/ibm removable media management/7.0.0
version/ibm removable media management/7.0.1