Server-Side Request Forgery in IBM Jazz Foundation and Engineering Products
CVE-2021-20345

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Rational Rhapsody Model Manager; Rational Quality Manager; Engineering Test Management; Rational Doors Next Generation
Vendor: CVE Published:; 2 June 2021

Summary

IBM Jazz Foundation and IBM Engineering products are exposed to a server-side request forgery (SSRF) vulnerability. This issue permits authenticated attackers to issue unauthorized requests from the server, which can lead to potential network enumeration or pave the way for additional attacks on the infrastructure. Organizations utilizing these IBM products should take immediate steps to assess their vulnerability status and apply necessary security patches to mitigate these risks.

Affected Version(s)

Engineering Lifecycle Optimization 7.0

Engineering Lifecycle Optimization 7.0.1

Engineering Lifecycle Optimization 7.0.2

References

https://www.ibm.com/support/pages/node/6457739

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/194594

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 2, 2021
Vulnerability Reserved
Dec 17, 2020