What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-4974.

What is the severity of CVE-2020-4974?

The severity of CVE-2020-4974 is medium (6.3).

Which IBM products are affected by CVE-2020-4974?

IBM Jazz Foundation products, including IBM EWM, IBM RTC, IBM DOORS Next, IBM RDNG, IBM Engineering Requirements Quality Assistant On-Premises, IBM RELM, IBM ENI, IBM RQM, IBM ETM, IBM CLM, IBM ELM, IBM Engineering Lifecycle Optimization - Engineering Insights, IBM Engineering Test Management, IBM Engineering Workflow Management, IBM Rational Collaborative Lifecycle Management, IBM Rational DOORS Next Generation, IBM Rational Engineering Lifecycle Manager, IBM Rational Quality Manager, and IBM Rational Team Concert are affected by CVE-2020-4974.

Are there any fixes or patches available for CVE-2020-4974?

To fix CVE-2020-4974, it is recommended to apply the latest security updates provided by IBM.

Vulnerability/
CVE-2020-4974

medium

6.5

CWE

918

27/7/2021

28/7/2021

17/9/2024

CVE-2020-4974: SSRF

Q: What is the impact of CVE-2020-4974?

CVE-2020-4974 allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

First published: Tue Jul 27 2021(Updated: )

IBM Jazz Foundation is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Engineering Lifecycle Optimization - Engineering Insights	=7.0
IBM Engineering Lifecycle Optimization - Engineering Insights	=7.0.1
IBM Engineering Lifecycle Optimization - Engineering Insights	=7.0.2
IBM Engineering Requirements Quality Assistant On-Premises
IBM Engineering Test Management	=7.0.0
IBM Engineering Test Management	=7.0.1
IBM Engineering Test Management	=7.0.2
IBM Engineering Workflow Management	=7.0
IBM Engineering Workflow Management	=7.0.1
IBM Engineering Workflow Management	=7.0.2
IBM Rational Collaborative Lifecycle Management	=6.0.2
IBM Rational Collaborative Lifecycle Management	=6.0.6
IBM Rational Collaborative Lifecycle Management	=6.0.6.1
IBM Rational DOORS Next Generation	=6.0.6
IBM Rational DOORS Next Generation	=6.0.6.1
IBM Rational DOORS Next Generation	=7.0
IBM Rational DOORS Next Generation	=7.0.1
IBM Rational DOORS Next Generation	=7.0.2
IBM Rational Engineering Lifecycle Manager	=6.0.2
IBM Rational Engineering Lifecycle Manager	=6.0.6
IBM Rational Engineering Lifecycle Manager	=6.0.6.1
IBM Rational Quality Manager	=6.0.6
IBM Rational Quality Manager	=6.0.6.1
IBM Rational Team Concert	=6.0.6
IBM Rational Team Concert	=6.0.6.1
	<=7.0.1
	<=6.0.6.1
	<=7.0
	<=6.0.6
	<=7.0.2
	<=7.0.2
	<=7.0
	<=7.0.1
	<=6.0.6.1
	<=6.0.6
	<=All
	<=6.0.6.1
	<=7.0.1
	<=6.0.6
	<=7.0
	<=6.0.2
	<=7.0.2
	<=6.0.6.1
	<=7.0.1
	<=6.0.6
	<=7.0.0
	<=7.0.2
	<=6.0.6.1
	<=6.0.6
	<=7.0
	<=6.0.2
	<=7.0.1
	<=7.0.2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6475919

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-4974.
What is the severity of CVE-2020-4974?
The severity of CVE-2020-4974 is medium (6.3).
Which IBM products are affected by CVE-2020-4974?
IBM Jazz Foundation products, including IBM EWM, IBM RTC, IBM DOORS Next, IBM RDNG, IBM Engineering Requirements Quality Assistant On-Premises, IBM RELM, IBM ENI, IBM RQM, IBM ETM, IBM CLM, IBM ELM, IBM Engineering Lifecycle Optimization - Engineering Insights, IBM Engineering Test Management, IBM Engineering Workflow Management, IBM Rational Collaborative Lifecycle Management, IBM Rational DOORS Next Generation, IBM Rational Engineering Lifecycle Manager, IBM Rational Quality Manager, and IBM Rational Team Concert are affected by CVE-2020-4974.
What is the impact of CVE-2020-4974?
CVE-2020-4974 allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Are there any fixes or patches available for CVE-2020-4974?
To fix CVE-2020-4974, it is recommended to apply the latest security updates provided by IBM.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/last-modified-date
agent/author
agent/description
agent/softwarecombine
agent/tags
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm engineering lifecycle optimization - engineering insights
version/ibm engineering lifecycle optimization - engineering insights/7.0
version/ibm engineering lifecycle optimization - engineering insights/7.0.1
version/ibm engineering lifecycle optimization - engineering insights/7.0.2
canonical/ibm engineering requirements quality assistant on-premises
canonical/ibm engineering test management
version/ibm engineering test management/7.0.0
version/ibm engineering test management/7.0.1
version/ibm engineering test management/7.0.2
canonical/ibm engineering workflow management
version/ibm engineering workflow management/7.0
version/ibm engineering workflow management/7.0.1
version/ibm engineering workflow management/7.0.2
canonical/ibm rational collaborative lifecycle management
version/ibm rational collaborative lifecycle management/6.0.2
version/ibm rational collaborative lifecycle management/6.0.6
version/ibm rational collaborative lifecycle management/6.0.6.1
canonical/ibm rational doors next generation
version/ibm rational doors next generation/6.0.6
version/ibm rational doors next generation/6.0.6.1
version/ibm rational doors next generation/7.0
version/ibm rational doors next generation/7.0.1
version/ibm rational doors next generation/7.0.2
canonical/ibm rational engineering lifecycle manager
version/ibm rational engineering lifecycle manager/6.0.2
version/ibm rational engineering lifecycle manager/6.0.6
version/ibm rational engineering lifecycle manager/6.0.6.1
canonical/ibm rational quality manager
version/ibm rational quality manager/6.0.6
version/ibm rational quality manager/6.0.6.1
canonical/ibm rational team concert
version/ibm rational team concert/6.0.6
version/ibm rational team concert/6.0.6.1
canonical/ibm ewm
version/ibm ewm/7.0.1
canonical/ibm rtc
version/ibm rtc/6.0.6.1
version/ibm ewm/7.0
version/ibm rtc/6.0.6
version/ibm ewm/7.0.2
canonical/ibm doors next
version/ibm doors next/7.0.2
version/ibm doors next/7.0
version/ibm doors next/7.0.1
canonical/ibm rdng
version/ibm rdng/6.0.6.1
version/ibm rdng/6.0.6
version/ibm engineering requirements quality assistant on-premises/all
canonical/ibm relm
version/ibm relm/6.0.6.1
canonical/ibm eni
version/ibm eni/7.0.1
version/ibm relm/6.0.6
version/ibm eni/7.0
version/ibm relm/6.0.2
version/ibm eni/7.0.2
canonical/ibm rqm
version/ibm rqm/6.0.6.1
canonical/ibm etm
version/ibm etm/7.0.1
version/ibm rqm/6.0.6
version/ibm etm/7.0.0
version/ibm etm/7.0.2
canonical/ibm clm
version/ibm clm/6.0.6.1
version/ibm clm/6.0.6
canonical/ibm elm
version/ibm elm/7.0
version/ibm clm/6.0.2
version/ibm elm/7.0.1
version/ibm elm/7.0.2

CVE-2020-4974: SSRF

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the vulnerability ID for this issue?

What is the severity of CVE-2020-4974?

Which IBM products are affected by CVE-2020-4974?

What is the impact of CVE-2020-4974?

Are there any fixes or patches available for CVE-2020-4974?

Company

Resources

Contact