Server-Side Request Forgery in IBM Spectrum Copy Data Management
CVE-2021-39051

4.8MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Copy Data Management
Vendor: CVE Published:; 14 March 2022

Summary

IBM Spectrum Copy Data Management versions 2.2.0.0 to 2.2.14.3 have a vulnerability that arises from improper input handling in the application server registration feature. This allows a remote attacker to exploit the application by using the host address and port fields in the portal UI. Through this exploit, the attacker can enumerate and potentially compromise services running on the specified hosts, creating significant security risks.

Affected Version(s)

Spectrum Copy Data Management 2.2.0.0

Spectrum Copy Data Management 2.2.14.3

References

https://www.ibm.com/support/pages/node/6562479

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/214441

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2022
Vulnerability Reserved
Aug 16, 2021