{"api_version":"1","generated_at":"2026-04-29T15:52:51+00:00","cve":"CVE-2019-4084","urls":{"html":"https://cve.report/CVE-2019-4084","api":"https://cve.report/api/cve/CVE-2019-4084.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-4084","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-4084"},"summary":{"title":"CVE-2019-4084","description":"IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2019-06-27 14:15:00","updated_at":"2022-12-09 15:13:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=ibm10956525","name":"http://www.ibm.com/support/docview.wss?uid=ibm10956525","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/157384","name":"ibm-jazz-cve20194084-info-disc (157384)","refsource":"XF","tags":["VDB Entry","Vendor Advisory"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-4084","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-4084","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"4084","vulnerable":"1","versionEndIncluding":"6.0.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_collaborative_lifecycle_management","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"4084","vulnerable":"1","versionEndIncluding":"6.0.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_doors_next_generation","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"4084","vulnerable":"1","versionEndIncluding":"6.0.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_engineering_lifecycle_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"4084","vulnerable":"1","versionEndIncluding":"6.0.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_quality_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"4084","vulnerable":"1","versionEndIncluding":"6.0.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_rhapsody_design_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"4084","vulnerable":"1","versionEndIncluding":"6.0.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_software_architect_design_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"4084","vulnerable":"1","versionEndIncluding":"6.0.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_team_concert","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"DATE_PUBLIC":"2019-06-25T00:00:00","ID":"CVE-2019-4084","STATE":"PUBLIC","ASSIGNER":"psirt@us.ibm.com"},"description":{"description_data":[{"lang":"eng","value":"IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384."}]},"references":{"reference_data":[{"url":"http://www.ibm.com/support/docview.wss?uid=ibm10956525","name":"http://www.ibm.com/support/docview.wss?uid=ibm10956525","refsource":"CONFIRM","title":"IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/157384","name":"ibm-jazz-cve20194084-info-disc (157384)","refsource":"XF","title":"X-Force Vulnerability Report"}]},"data_type":"CVE","data_version":"4.0","data_format":"MITRE","affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"version":{"version_data":[{"version_value":"6.0"},{"version_value":"6.0.1"},{"version_value":"6.0.2"},{"version_value":"6.0.3"},{"version_value":"6.0.4"},{"version_value":"6.0.5"},{"version_value":"6.0.6"},{"version_value":"6.0.6.1"}]},"product_name":"Rational Collaborative Lifecycle Management"}]}}]}},"impact":{"cvssv3":{"TM":{"RC":"C","E":"U","RL":"O"},"BM":{"UI":"N","SCORE":"4.300","AV":"N","PR":"L","S":"U","I":"N","C":"L","AC":"L","A":"N"}}},"problemtype":{"problemtype_data":[{"description":[{"value":"Obtain Information","lang":"eng"}]}]}},"nvd":{"publishedDate":"2019-06-27 14:15:00","lastModifiedDate":"2022-12-09 15:13:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndIncluding":"6.0.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndIncluding":"6.0.6.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndIncluding":"6.0.6.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndIncluding":"6.0.6.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndIncluding":"6.0.6.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndIncluding":"6.0.6.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndIncluding":"6.0.6.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"4084","Ordinal":"141695","Title":"CVE-2019-4084","CVE":"CVE-2019-4084","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"4084","Ordinal":"1","NoteData":"IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"4084","Ordinal":"2","NoteData":"2019-06-27","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"4084","Ordinal":"3","NoteData":"2019-06-27","Type":"Other","Title":"Modified"}]}}}