CVE-2021-39017

5.7MEDIUM

Key Information:

Vendor: IBM
Status: Engineering Lifecycle Optimization Publishing
Vendor: CVE Published:; 14 July 2022

Summary

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725.

Affected Version(s)

Engineering Lifecycle Optimization Publishing 6.0.6

Engineering Lifecycle Optimization Publishing 6.0.6.1

Engineering Lifecycle Optimization Publishing 7.0

References

https://www.ibm.com/support/pages/node/6603341

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/213725

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 14, 2022
Vulnerability Reserved
Aug 16, 2021

Collectors

NVD DatabaseMitre Database