CVE-2019-4603
Description
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Quality Manager (RQM) 6.0.2, 6.0.6, and 6.0.6.1 allow authenticated users to spoof keyword creation via REST API, appearing as another user.
Vulnerability
IBM Quality Manager (RQM) versions 6.0.2, 6.0.6, and 6.0.6.1 allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user [1]. This is an integrity vulnerability that does not require user interaction.
Exploitation
An attacker must have a valid account with network access to the RQM REST API. By crafting a request to the keyword creation endpoint, the attacker can specify a different user as the creator, causing the system to attribute the keyword to that user [1]. No special privileges beyond authenticated access are needed.
Impact
Successful exploitation results in a low integrity impact: the attacker can spoof the creator of a keyword. The CVSS v3.0 base score is 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) [1]. No confidentiality or availability impact occurs.
Mitigation
As of the publication date (2020-04-08), no fix or workaround is available from IBM [1]. Users should monitor IBM's security bulletin for updates and apply patches when released.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 6.02, 6.06, 6.0.6.1
- Range: 6.0.2
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/168295 (mitre; vdb-entry; x_refsource_XF)
- www.ibm.com/support/pages/node/6172629 (mitre; x_refsource_CONFIRM)