CVE-2019-4084 : IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.

IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384.

Published 2019-06-27 14:15:11

Updated 2022-12-09 15:13:12

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2019-4084

IBM » Rational Quality Manager
Versions from including (>=) 6.0 and up to, including, (<=) 6.0.6.1
cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*
Matching versions
IBM » Rational Team Concert
Versions from including (>=) 6.0 and up to, including, (<=) 6.0.6.1
cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*
Matching versions
IBM » Rational Software Architect Design Manager
Versions from including (>=) 6.0 and up to, including, (<=) 6.0.1
cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*
Matching versions
IBM » Rational Collaborative Lifecycle Management
Versions from including (>=) 6.0 and up to, including, (<=) 6.0.6.1
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*
Matching versions
IBM » Rational Doors Next Generation
Versions from including (>=) 6.0 and up to, including, (<=) 6.0.6.1
cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*
Matching versions
IBM » Rational Rhapsody Design Manager
Versions from including (>=) 6.0 and up to, including, (<=) 6.0.6.1
cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*
Matching versions
IBM » Rational Engineering Lifecycle Manager
Versions from including (>=) 6.0 and up to, including, (<=) 6.0.6.1
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-4084

EPSS FAQ

0.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 48 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-4084

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	IBM Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2019-4084

https://exchange.xforce.ibmcloud.com/vulnerabilities/157384

IBM Jazz Foundation information disclosure CVE-2019-4084 Vulnerability Report
VDB Entry;Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=ibm10956525

IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-4084

Products affected by CVE-2019-4084

Exploit prediction scoring system (EPSS) score for CVE-2019-4084

CVSS scores for CVE-2019-4084

References for CVE-2019-4084