CVE-2021-39018

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Engineering Lifecycle Optimization Publishing
Vendor: CVE Published:; 14 July 2022

Summary

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.

Affected Version(s)

Engineering Lifecycle Optimization Publishing 6.0.6

Engineering Lifecycle Optimization Publishing 6.0.6.1

Engineering Lifecycle Optimization Publishing 7.0

References

https://www.ibm.com/support/pages/node/6603345

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/213726

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 14, 2022
Vulnerability Reserved
Aug 16, 2021

Collectors

NVD DatabaseMitre Database