Information Disclosure Vulnerability in IBM Engineering Lifecycle Optimization
CVE-2021-39019

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Engineering Lifecycle Optimization Publishing
Vendor: CVE Published:; 14 July 2022

Summary

IBM Engineering Lifecycle Optimization - Publishing versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 potentially expose sensitive information to authenticated users through improperly secured HTTP GET requests. This vulnerability may allow attackers with access to specific user accounts to access confidential data, thereby increasing risks related to data confidentiality and integrity. For more details, refer to the IBM support page and the IBM X-Force vulnerability database entry.

Affected Version(s)

Engineering Lifecycle Optimization Publishing 6.0.6

Engineering Lifecycle Optimization Publishing 6.0.6.1

Engineering Lifecycle Optimization Publishing 7.0

References

https://www.ibm.com/support/pages/node/6603355

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/213728

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 14, 2022
Vulnerability Reserved
Aug 16, 2021