IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.
2021-03-30T17:15:16.603
2024-11-21T05:46:41.000
Modified
CVSSv3.1: 7.1 (HIGH)
AV:N/AC:L/Au:S/C:P/I:N/A:P
8.0
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | engineering_insights | 7.0 | Yes |
| Application | ibm | engineering_insights | 7.0.1 | Yes |
| Application | ibm | engineering_insights | 7.0.2 | Yes |
| Application | ibm | engineering_lifecycle_management | 7.0 | Yes |
| Application | ibm | engineering_requirements_quality_assistant_on-premises | - | Yes |
| Application | ibm | engineering_workflow_management | 7.0.0 | Yes |
| Application | ibm | engineering_workflow_management | 7.0.1 | Yes |
| Application | ibm | engineering_workflow_management | 7.0.2 | Yes |
| Application | ibm | rational_engineering_lifecycle_manager | 6.0.2 | Yes |
| Application | ibm | rational_engineering_lifecycle_manager | 6.0.6 | Yes |
| Application | ibm | rational_engineering_lifecycle_manager | 6.0.6.1 | Yes |
| Application | ibm | rational_team_concert | 6.0.6 | Yes |
| Application | ibm | rational_team_concert | 6.0.6.1 | Yes |
| Application | ibm | rational_team_concert | 6.0.6.2 | Yes |