4.3

CVE-2020-4487

IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDoors Next Version7.0
IbmDoors Next Version7.0.1
IbmEngineering Insights Version7.0
IbmEngineering Insights Version7.0.1
IbmEngineering Test Management Version7.0.0
IbmRational Doors Next Generation Version6.0.6.1
IbmRational Quality Manager Version6.0.2
IbmRational Quality Manager Version6.0.6
IbmRational Quality Manager Version6.0.6.1
IbmRational Team Concert Version6.0.2
IbmRational Team Concert Version6.0.6
IbmRational Team Concert Version6.0.6.1
IbmReference Data Management Version7.0.1
IbmRhapsody Model Manager Version6.0.2
IbmRhapsody Model Manager Version6.0.6
IbmRhapsody Model Manager Version6.0.6.1
IbmRhapsody Model Manager Version7.0
IbmRhapsody Model Manager Version7.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.266
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
psirt@us.ibm.com 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.