What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2021-29701.

What is the title of this vulnerability?

The title of this vulnerability is 'IBM Engineering Workflow Management could allow an authenticated attacker to obtain sensitive information.'

What software is affected by this vulnerability?

IBM Engineering Workflow Management versions 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert versions 6.0.6 and 6.0.6.1 are affected by this vulnerability.

What is the severity rating of this vulnerability?

The severity rating of this vulnerability is medium, with a CVSS score of 4.3.

How can an attacker exploit this vulnerability?

An authenticated attacker can exploit this vulnerability by obtaining sensitive information from build definitions, which can aid in further attacks against the system.

Vulnerability/
CVE-2021-29701

medium

4.3

10/1/2022

11/1/2022

17/9/2024

CVE-2021-29701

First published: Mon Jan 10 2022(Updated: )

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657.

Credit: psirt@us.ibm.com psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Engineering Workflow Management	=7.0
IBM Engineering Workflow Management	=7.0.1
IBM Engineering Workflow Management	=7.0.2
IBM Rational Team Concert	=6.0.6
IBM Rational Team Concert	=6.0.6.1
Linux Linux kernel
Microsoft Windows
	<=7.0.2
	<=7.0.1
	<=7.0
	<=6.0.6.1
	<=6.0.6

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6539546

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-29701.
What is the title of this vulnerability?
The title of this vulnerability is 'IBM Engineering Workflow Management could allow an authenticated attacker to obtain sensitive information.'
What software is affected by this vulnerability?
IBM Engineering Workflow Management versions 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert versions 6.0.6 and 6.0.6.1 are affected by this vulnerability.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is medium, with a CVSS score of 4.3.
How can an attacker exploit this vulnerability?
An authenticated attacker can exploit this vulnerability by obtaining sensitive information from build definitions, which can aid in further attacks against the system.

collector/nvd-api
collector/nvd-index
agent/references
agent/author
agent/first-publish-date
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/description
agent/softwarecombine
agent/event
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm engineering workflow management
version/ibm engineering workflow management/7.0
version/ibm engineering workflow management/7.0.1
version/ibm engineering workflow management/7.0.2
canonical/ibm rational team concert
version/ibm rational team concert/6.0.6
version/ibm rational team concert/6.0.6.1
vendor/linux
canonical/linux linux kernel
vendor/microsoft
canonical/microsoft windows
canonical/ibm engineering workflow management (ewm)
version/ibm engineering workflow management (ewm)/7.0.2
version/ibm engineering workflow management (ewm)/7.0.1
version/ibm engineering workflow management (ewm)/7.0
canonical/ibm rational team concert (rtc)
version/ibm rational team concert (rtc)/6.0.6.1
version/ibm rational team concert (rtc)/6.0.6