Cyber Resilience

CVE-2020-4495

High

Published: 02 June 2021

Published
02 June 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0130 80.2th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-4495 is a high-severity an unspecified weakness vulnerability in Ibm Rational Doors Next Generation. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 19.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions,…

more

and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

ibm
collaborative lifecycle management
6.0.6, 6.0.6.1
ibm
engineering lifecycle management
7.0, 7.0.1, 7.0.2
ibm
engineering lifecycle optimization - engineering insights
7.0, 7.0.1, 7.0.2
ibm
engineering lifecycle optimization - publishing
7.0, 7.0.1, 7.0.2
ibm
engineering test management
7.0.0, 7.0.1
ibm
rational doors next generation
6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2
ibm
rational engineering lifecycle manager
6.0.6, 6.0.6.1
ibm
rational quality manager
6.0.6, 6.0.6.1
ibm
removable media manager
6.0.6, 6.0.6.1, 7.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References