PT-2020-10988 · IBM · IBM Quality Manager

Published 2020-04-08 · Updated 2020-04-10 · CVE-2019-4603

CVSS v3.1 · 4.3 · Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

IBM Quality Manager (RQM) versions 6.02 through 6.0.6.1

Description

The issue allows an authenticated user to create keywords through the REST API and have them appear as if they were created by another user.

Recommendations

For versions 6.02 through 6.0.6.1, consider restricting access to the REST API to minimize the risk of exploitation. As a temporary workaround, consider disabling the functionality that allows creating keywords through the API until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2019-4603

Affected Products

IBM Quality Manager