{"api_version":"1","generated_at":"2026-04-29T13:54:06+00:00","cve":"CVE-2021-29701","urls":{"html":"https://cve.report/CVE-2021-29701","api":"https://cve.report/api/cve/CVE-2021-29701.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-29701","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-29701"},"summary":{"title":"CVE-2021-29701","description":"IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2022-01-11 17:15:00","updated_at":"2023-08-08 14:22:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.ibm.com/support/pages/node/6539546","name":"https://www.ibm.com/support/pages/node/6539546","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: Vulnerability which affects Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/200657","name":"ibm-engineering-cve202129701-info-disc (200657)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-29701","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29701","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"29701","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"engineering_workflow_management","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"29701","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"engineering_workflow_management","cpe6":"7.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"29701","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"engineering_workflow_management","cpe6":"7.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"29701","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_team_concert","cpe6":"6.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"29701","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_team_concert","cpe6":"6.0.6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"29701","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"29701","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"impact":{"cvssv3":{"BM":{"S":"U","AV":"N","A":"N","PR":"L","I":"N","UI":"N","AC":"L","C":"L","SCORE":"4.300"},"TM":{"RL":"O","E":"U","RC":"C"}}},"references":{"reference_data":[{"title":"IBM Security Bulletin 6539546 (Engineering Workflow Management)","name":"https://www.ibm.com/support/pages/node/6539546","refsource":"CONFIRM","url":"https://www.ibm.com/support/pages/node/6539546"},{"title":"X-Force Vulnerability Report","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/200657","name":"ibm-engineering-cve202129701-info-disc (200657)","refsource":"XF"}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"product_name":"Engineering Workflow Management","version":{"version_data":[{"version_value":"7.0"},{"version_value":"7.0.1"},{"version_value":"7.0.2"}]}},{"product_name":"Rational Team Concert","version":{"version_data":[{"version_value":"6.0.6"},{"version_value":"6.0.6.1"}]}}]}}]}},"description":{"description_data":[{"lang":"eng","value":"IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657."}]},"data_version":"4.0","data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"value":"Obtain Information","lang":"eng"}]}]},"CVE_data_meta":{"STATE":"PUBLIC","ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2022-01-10T00:00:00","ID":"CVE-2021-29701"},"data_type":"CVE"},"nvd":{"publishedDate":"2022-01-11 17:15:00","lastModifiedDate":"2023-08-08 14:22:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"29701","Ordinal":"204931","Title":"CVE-2021-29701","CVE":"CVE-2021-29701","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"29701","Ordinal":"1","NoteData":"IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"29701","Ordinal":"2","NoteData":"2022-01-11","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"29701","Ordinal":"3","NoteData":"2022-01-11","Type":"Other","Title":"Modified"}]}}}