IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HIBM Collaborative Lifecycle Management
APPIbm6.0.66.0.6.1IBM Engineering Lifecycle Management
APPIbm7.07.0.17.0.2IBM Engineering Lifecycle Optimization Engineering Insights
APPIbm7.07.0.17.0.2IBM Engineering Lifecycle Optimization Publishing
APPIbm7.07.0.17.0.2IBM Engineering Test Management
APPIbm7.0.07.0.1IBM Rational Doors Next Generation
APPIbm6.0.66.0.6.17.07.0.17.0.2IBM Rational Engineering Lifecycle Manager
APPIbm6.0.66.0.6.1IBM Rational Quality Manager
APPIbm6.0.66.0.6.1IBM Removable Media Manager
APPIbm6.0.66.0.6.17.0
Related vulnerabilities
IBM Engineering Lifecycle Management — nieautoryzowany zapis plików konfiguracyjnych serwera
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privi...
IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 th...
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External...
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain co...