What is the severity of CVE-2020-4965?

CVE-2020-4965 is classified as a medium severity vulnerability due to its potential to allow decryption of sensitive information.

How do I fix CVE-2020-4965?

To fix CVE-2020-4965, upgrade to the appropriate patched version of the affected IBM products listed in the vulnerability details.

What products are affected by CVE-2020-4965?

CVE-2020-4965 affects several IBM products including IBM RDNG, IBM DOORS Next, and IBM RQM among others.

What are the potential impacts of CVE-2020-4965?

The potential impacts of CVE-2020-4965 include unauthorized decryption of highly sensitive information, posing a risk to data confidentiality.

Is there a workaround for CVE-2020-4965?

While the best approach is to apply patches, consult IBM support for possible temporary workarounds to mitigate the impact of CVE-2020-4965.

Vulnerability/
CVE-2020-4965

high

7.5

CWE

327

9/4/2021

4/8/2024

CVE-2020-4965

First published: Fri Apr 09 2021(Updated: )

IBM Jazz Foundation uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM RDNG	<=6.0.2
IBM DOORS Next	<=7.0.2
IBM DOORS Next	<=7.0
IBM DOORS Next	<=7.0.1
IBM RDNG	<=6.0.6.1
IBM RDNG	<=6.0.6
IBM RQM	<=6.0.6.1
IBM ETM	<=7.0.1
IBM RQM	<=6.0.6
IBM ETM	<=7.0.0
IBM RQM	<=6.0.2
IBM ETM	<=7.0.2
IBM Removable Media Manager	<=7.0.1
IBM Rhapsody Model Manager	<=6.0.6
IBM Removable Media Manager	<=6.0.6.1
IBM Rhapsody Model Manager	<=6.0.2
IBM Removable Media Manager	<=6.0.6
IBM Rhapsody Model Manager	<=6.0.6.1
IBM Removable Media Manager	<=7.0
IBM Removable Media Manager	<=6.0.2
IBM EWM	<=7.0.1
IBM RTC	<=6.0.2
IBM RTC	<=6.0.6.1
IBM EWM	<=7.0
IBM RTC	<=6.0.6
IBM EWM	<=7.0.2
IBM CLM	<=6.0.6.1
IBM CLM	<=6.0.6
IBM ELM	<=7.0
IBM CLM	<=6.0.2
IBM ELM	<=7.0.1
IBM ELM	<=7.0.2
IBM RELM	<=6.0.6.1
IBM ENI	<=7.0.1
IBM RELM	<=6.0.6
IBM ENI	<=7.0
IBM RELM	<=6.0.2
IBM ENI	<=7.0.2
IBM Collaborative Lifecycle Management	=6.0.2
IBM Collaborative Lifecycle Management	=6.0.6
IBM Collaborative Lifecycle Management	=6.0.6.1
IBM DOORS Next	=7.0.0
IBM DOORS Next	=7.0.1
IBM DOORS Next	=7.0.2
IBM Engineering Insights	=7.0.0
IBM Engineering Insights	=7.0.1
IBM Engineering Insights	=7.0.2
IBM Engineering Lifecycle Manager	=7.0.0
IBM Engineering Lifecycle Manager	=7.0.1
IBM Engineering Lifecycle Manager	=7.0.2
IBM Engineering Requirements Management DOORS Next	=6.0.2
IBM Engineering Requirements Management DOORS Next	=6.0.6
IBM Engineering Requirements Management DOORS Next	=6.0.6.1
IBM Engineering Test Management	=7.0.0
IBM Engineering Test Management	=7.0.1
IBM Engineering Test Management	=7.0.2
IBM Engineering Workflow Management	=7.0.0
IBM Engineering Workflow Management	=7.0.1
IBM Engineering Workflow Management	=7.0.2
IBM Engineering Lifecycle Manager	=6.0.2
IBM Engineering Lifecycle Manager	=6.0.6
IBM Engineering Lifecycle Manager	=6.0.6.1
IBM Rational Quality Manager	=6.0.2
IBM Rational Quality Manager	=6.0.6
IBM Rational Quality Manager	=6.0.6.1
IBM Rational Team Concert	=6.0.2
IBM Rational Team Concert	=6.0.6
IBM Rational Team Concert	=6.0.6.1
IBM Removable Media Management	=6.0.2
IBM Removable Media Management	=6.0.6
IBM Removable Media Management	=6.0.6.1
IBM Removable Media Management	=7.0.0
IBM Removable Media Management	=7.0.1
IBM Rhapsody Model Manager	=6.0.2
IBM Rhapsody Model Manager	=6.0.6
IBM Rhapsody Model Manager	=6.0.6.1

Remedy

https://www.ibm.com/support/pages/node/6441803

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6441803

Frequently Asked Questions

What is the severity of CVE-2020-4965?
CVE-2020-4965 is classified as a medium severity vulnerability due to its potential to allow decryption of sensitive information.
How do I fix CVE-2020-4965?
To fix CVE-2020-4965, upgrade to the appropriate patched version of the affected IBM products listed in the vulnerability details.
What products are affected by CVE-2020-4965?
CVE-2020-4965 affects several IBM products including IBM RDNG, IBM DOORS Next, and IBM RQM among others.
What are the potential impacts of CVE-2020-4965?
The potential impacts of CVE-2020-4965 include unauthorized decryption of highly sensitive information, posing a risk to data confidentiality.
Is there a workaround for CVE-2020-4965?
While the best approach is to apply patches, consult IBM support for possible temporary workarounds to mitigate the impact of CVE-2020-4965.

agent/references
agent/first-publish-date
agent/type
agent/weakness
agent/remedy
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/event
agent/trending
agent/source
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/ibm
canonical/ibm rdng
version/ibm rdng/6.0.2
canonical/ibm doors next
version/ibm doors next/7.0.2
version/ibm doors next/7.0
version/ibm doors next/7.0.1
version/ibm rdng/6.0.6.1
version/ibm rdng/6.0.6
canonical/ibm rqm
version/ibm rqm/6.0.6.1
canonical/ibm etm
version/ibm etm/7.0.1
version/ibm rqm/6.0.6
version/ibm etm/7.0.0
version/ibm rqm/6.0.2
version/ibm etm/7.0.2
canonical/ibm removable media manager
version/ibm removable media manager/7.0.1
canonical/ibm rhapsody model manager
version/ibm rhapsody model manager/6.0.6
version/ibm removable media manager/6.0.6.1
version/ibm rhapsody model manager/6.0.2
version/ibm removable media manager/6.0.6
version/ibm rhapsody model manager/6.0.6.1
version/ibm removable media manager/7.0
version/ibm removable media manager/6.0.2
canonical/ibm ewm
version/ibm ewm/7.0.1
canonical/ibm rtc
version/ibm rtc/6.0.2
version/ibm rtc/6.0.6.1
version/ibm ewm/7.0
version/ibm rtc/6.0.6
version/ibm ewm/7.0.2
canonical/ibm clm
version/ibm clm/6.0.6.1
version/ibm clm/6.0.6
canonical/ibm elm
version/ibm elm/7.0
version/ibm clm/6.0.2
version/ibm elm/7.0.1
version/ibm elm/7.0.2
canonical/ibm relm
version/ibm relm/6.0.6.1
canonical/ibm eni
version/ibm eni/7.0.1
version/ibm relm/6.0.6
version/ibm eni/7.0
version/ibm relm/6.0.2
version/ibm eni/7.0.2
canonical/ibm collaborative lifecycle management
version/ibm collaborative lifecycle management/6.0.2
version/ibm collaborative lifecycle management/6.0.6
version/ibm collaborative lifecycle management/6.0.6.1
version/ibm doors next/7.0.0
canonical/ibm engineering insights
version/ibm engineering insights/7.0.0
version/ibm engineering insights/7.0.1
version/ibm engineering insights/7.0.2
canonical/ibm engineering lifecycle manager
version/ibm engineering lifecycle manager/7.0.0
version/ibm engineering lifecycle manager/7.0.1
version/ibm engineering lifecycle manager/7.0.2
canonical/ibm engineering requirements management doors next
version/ibm engineering requirements management doors next/6.0.2
version/ibm engineering requirements management doors next/6.0.6
version/ibm engineering requirements management doors next/6.0.6.1
canonical/ibm engineering test management
version/ibm engineering test management/7.0.0
version/ibm engineering test management/7.0.1
version/ibm engineering test management/7.0.2
canonical/ibm engineering workflow management
version/ibm engineering workflow management/7.0.0
version/ibm engineering workflow management/7.0.1
version/ibm engineering workflow management/7.0.2
version/ibm engineering lifecycle manager/6.0.2
version/ibm engineering lifecycle manager/6.0.6
version/ibm engineering lifecycle manager/6.0.6.1
canonical/ibm rational quality manager
version/ibm rational quality manager/6.0.2
version/ibm rational quality manager/6.0.6
version/ibm rational quality manager/6.0.6.1
canonical/ibm rational team concert
version/ibm rational team concert/6.0.2
version/ibm rational team concert/6.0.6
version/ibm rational team concert/6.0.6.1
canonical/ibm removable media management
version/ibm removable media management/6.0.2
version/ibm removable media management/6.0.6
version/ibm removable media management/6.0.6.1
version/ibm removable media management/7.0.0
version/ibm removable media management/7.0.1

CVE-2020-4965

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2020-4965?

How do I fix CVE-2020-4965?

What products are affected by CVE-2020-4965?

What are the potential impacts of CVE-2020-4965?

Is there a workaround for CVE-2020-4965?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2020-4965?

How do I fix CVE-2020-4965?

What products are affected by CVE-2020-4965?

What are the potential impacts of CVE-2020-4965?

Is there a workaround for CVE-2020-4965?