CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-4989
https://notcve.org/view.php?id=CVE-2020-4989
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707. IBM Engineering Workflow Management versiones 7.0, 7.0.1 y 7.0.2 e IBM Rational Team Concert 6.0.6 y 6.0.0.1 podrían permitir a un usuario autenticado obtener información confidencial sobre las definiciones de construcción. IBM X-Force ID: 192707 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192707 https://www.ibm.com/support/pages/node/6563261 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-29701
https://notcve.org/view.php?id=CVE-2021-29701
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657. IBM Engineering Workflow Management versiones 7.0, 7.0.1 y 7.0.2, así como IBM Rational Team Concert versiones 6.0.6 y 6.0.6.1, podrían permitir a un atacante autenticado conseguir información confidencial de las definiciones de compilación que podría ayudar a realizar más ataques contra el sistema. X-Force ID: 200657 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200657 https://www.ibm.com/support/pages/node/6539546 •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-29844
https://notcve.org/view.php?id=CVE-2021-29844
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facilitar otros ataques • https://exchange.xforce.ibmcloud.com/vulnerabilities/205205 https://www.ibm.com/support/pages/node/6508583 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2021-29786
https://notcve.org/view.php?id=CVE-2021-29786
IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172. Los productos IBM Jazz Team Server almacenan las credenciales de usuario en texto sin cifrar que puede leer un usuario autenticado. IBM X-Force ID: 203172 • https://exchange.xforce.ibmcloud.com/vulnerabilities/203172 https://www.ibm.com/support/pages/node/6508583 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2021-29774
https://notcve.org/view.php?id=CVE-2021-29774
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. Los productos IBM Jazz Team Server podrían permitir a un usuario autenticado alcanzar privilegios elevados bajo determinadas configuraciones. IBM X-Force ID: 203025 • https://exchange.xforce.ibmcloud.com/vulnerabilities/203025 https://www.ibm.com/support/pages/node/6508583 •