Search criteria
84 vulnerabilities found for engineering_lifecycle_optimization_-_publishing by ibm
FKIE_CVE-2021-39018
Vulnerability from fkie_nvd - Published: 2022-07-14 17:15 - Updated: 2025-03-25 14:21
Severity ?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/213726 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6603345 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/213726 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6603345 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6 | |
| ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6.1 | |
| ibm | engineering_lifecycle_optimization_-_publishing | 7.0.1 | |
| ibm | engineering_lifecycle_optimization_publishing | 7.0 | |
| ibm | engineering_lifecycle_optimization_publishing | 7.0.2 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45E5E732-2A3A-4300-BC15-2591F0D1B3C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB638AE-44C2-4ED0-9FEE-1EADE239BBF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2AD86D-D092-415E-A7AC-F6FC26D336D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D82A-8E20-4B70-AB17-A0564F8BFF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726."
},
{
"lang": "es",
"value": "IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, podr\u00eda divulgar informaci\u00f3n confidencial en un mensaje de error SQL que podr\u00eda ayudar a realizar m\u00e1s ataques contra el sistema. IBM X-Force ID: 213726"
}
],
"id": "CVE-2021-39018",
"lastModified": "2025-03-25T14:21:02.290",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T17:15:08.297",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213726"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6603345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6603345"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-39016
Vulnerability from fkie_nvd - Published: 2022-07-14 17:15 - Updated: 2025-03-25 14:21
Severity ?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/213722 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6603335 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/213722 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6603335 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6 | |
| ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6.1 | |
| ibm | engineering_lifecycle_optimization_-_publishing | 7.0.1 | |
| ibm | engineering_lifecycle_optimization_publishing | 7.0 | |
| ibm | engineering_lifecycle_optimization_publishing | 7.0.2 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45E5E732-2A3A-4300-BC15-2591F0D1B3C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB638AE-44C2-4ED0-9FEE-1EADE239BBF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2AD86D-D092-415E-A7AC-F6FC26D336D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D82A-8E20-4B70-AB17-A0564F8BFF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722."
},
{
"lang": "es",
"value": "IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, no supervisa ni controla suficientemente el volumen de tr\u00e1fico de red transmitido, por lo que un actor puede causar que el software transmita m\u00e1s tr\u00e1fico del que deber\u00eda estar permitido para ese actor. IBM X-Force ID: 213722"
}
],
"id": "CVE-2021-39016",
"lastModified": "2025-03-25T14:21:02.290",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T17:15:08.203",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213722"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6603335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6603335"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-39019
Vulnerability from fkie_nvd - Published: 2022-07-14 17:15 - Updated: 2025-03-25 14:21
Severity ?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/213728 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6603355 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/213728 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6603355 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6 | |
| ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6.1 | |
| ibm | engineering_lifecycle_optimization_-_publishing | 7.0.1 | |
| ibm | engineering_lifecycle_optimization_publishing | 7.0 | |
| ibm | engineering_lifecycle_optimization_publishing | 7.0.2 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45E5E732-2A3A-4300-BC15-2591F0D1B3C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB638AE-44C2-4ED0-9FEE-1EADE239BBF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2AD86D-D092-415E-A7AC-F6FC26D336D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D82A-8E20-4B70-AB17-A0564F8BFF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728."
},
{
"lang": "es",
"value": "IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, podr\u00eda divulgar informaci\u00f3n altamente confidencial mediante una petici\u00f3n HTTP GET a un usuario autenticado. IBM X-Force ID: 213728"
}
],
"id": "CVE-2021-39019",
"lastModified": "2025-03-25T14:21:02.290",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T17:15:08.343",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213728"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6603355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6603355"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-39028
Vulnerability from fkie_nvd - Published: 2022-07-14 17:15 - Updated: 2025-03-25 14:21
Severity ?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/213866 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6603347 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/213866 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6603347 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6 | |
| ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6.1 | |
| ibm | engineering_lifecycle_optimization_-_publishing | 7.0.1 | |
| ibm | engineering_lifecycle_optimization_publishing | 7.0 | |
| ibm | engineering_lifecycle_optimization_publishing | 7.0.2 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45E5E732-2A3A-4300-BC15-2591F0D1B3C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB638AE-44C2-4ED0-9FEE-1EADE239BBF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2AD86D-D092-415E-A7AC-F6FC26D336D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D82A-8E20-4B70-AB17-A0564F8BFF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866."
},
{
"lang": "es",
"value": "IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, es vulnerable a una inyecci\u00f3n de encabezados HTTP, causada por la incorrecta comprobaci\u00f3n de la entrada de los encabezados HOST. Esto podr\u00eda permitir a un atacante conducir varios ataques contra el sistema vulnerable, incluyendo de tipo cross-site scripting, envenenamiento de cach\u00e9 o secuestro de sesi\u00f3n. IBM X-Force ID: 213866"
}
],
"id": "CVE-2021-39028",
"lastModified": "2025-03-25T14:21:02.290",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T17:15:08.387",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213866"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6603347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6603347"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-39015
Vulnerability from fkie_nvd - Published: 2022-07-14 17:15 - Updated: 2025-03-25 14:21
Severity ?
Summary
IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/213655 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6603333 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/213655 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6603333 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6 | |
| ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6.1 | |
| ibm | engineering_lifecycle_optimization_-_publishing | 7.0.1 | |
| ibm | engineering_lifecycle_optimization_publishing | 7.0 | |
| ibm | engineering_lifecycle_optimization_publishing | 7.0.2 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45E5E732-2A3A-4300-BC15-2591F0D1B3C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB638AE-44C2-4ED0-9FEE-1EADE239BBF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2AD86D-D092-415E-A7AC-F6FC26D336D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D82A-8E20-4B70-AB17-A0564F8BFF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655."
},
{
"lang": "es",
"value": "IBM Engineering Lifecycle Optimization - Publishing versiones 7.0, 7.0.1 y 7.0.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 213655"
}
],
"id": "CVE-2021-39015",
"lastModified": "2025-03-25T14:21:02.290",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T17:15:08.013",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213655"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6603333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6603333"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-39017
Vulnerability from fkie_nvd - Published: 2022-07-14 17:15 - Updated: 2025-03-25 14:21
Severity ?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/213725 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6603341 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/213725 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6603341 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6 | |
| ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6.1 | |
| ibm | engineering_lifecycle_optimization_-_publishing | 7.0.1 | |
| ibm | engineering_lifecycle_optimization_publishing | 7.0 | |
| ibm | engineering_lifecycle_optimization_publishing | 7.0.2 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45E5E732-2A3A-4300-BC15-2591F0D1B3C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB638AE-44C2-4ED0-9FEE-1EADE239BBF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2AD86D-D092-415E-A7AC-F6FC26D336D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D82A-8E20-4B70-AB17-A0564F8BFF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725."
},
{
"lang": "es",
"value": "IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, podr\u00eda permitir a un atacante remoto cargar archivos arbitrarios, causado por controles de acceso inapropiados. IBM X-Force ID: 213725"
}
],
"id": "CVE-2021-39017",
"lastModified": "2025-03-25T14:21:02.290",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T17:15:08.250",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213725"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6603341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6603341"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-20343
Vulnerability from fkie_nvd - Published: 2021-06-02 21:15 - Updated: 2024-11-21 05:46
Severity ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/194593 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/194593 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDFAD2-C318-4328-B9F5-D620C7C9B2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDCA727-01B7-4E9C-BC73-96D32A79424B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B258BA7D-549C-4D43-AF84-9807F77954BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE25087-C816-42DA-B7EB-D3CB34B62D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "438CF65F-E158-471E-A693-4F4D8D6A4932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, lo que puede conllevar una enumeraci\u00f3n de la red o facilitar otros ataques. IBM X-Force ID: 194593"
}
],
"id": "CVE-2021-20343",
"lastModified": "2024-11-21T05:46:25.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T21:15:07.497",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194593"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-29668
Vulnerability from fkie_nvd - Published: 2021-06-02 21:15 - Updated: 2024-11-21 06:01
Severity ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199406.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/199406 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/199406 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDFAD2-C318-4328-B9F5-D620C7C9B2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDCA727-01B7-4E9C-BC73-96D32A79424B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B258BA7D-549C-4D43-AF84-9807F77954BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE25087-C816-42DA-B7EB-D3CB34B62D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "438CF65F-E158-471E-A693-4F4D8D6A4932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199406."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 199406"
}
],
"id": "CVE-2021-29668",
"lastModified": "2024-11-21T06:01:36.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T21:15:07.693",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199406"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4495
Vulnerability from fkie_nvd - Published: 2021-06-02 21:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/182114 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/182114 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDFAD2-C318-4328-B9F5-D620C7C9B2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDCA727-01B7-4E9C-BC73-96D32A79424B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B258BA7D-549C-4D43-AF84-9807F77954BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE25087-C816-42DA-B7EB-D3CB34B62D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "438CF65F-E158-471E-A693-4F4D8D6A4932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Foundation e IBM Engineering podr\u00edan permitir a un atacante remoto omitir las restricciones de seguridad, causadas por un control de acceso inapropiado. Al enviar una petici\u00f3n especialmente dise\u00f1ada a la API REST, un atacante podr\u00eda explotar esta vulnerabilidad para omitir las restricciones de acceso y ejecutar acciones arbitrarias con privilegios administrativos. IBM X-Force ID: 182114"
}
],
"id": "CVE-2020-4495",
"lastModified": "2024-11-21T05:32:48.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T21:15:07.297",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182114"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4977
Vulnerability from fkie_nvd - Published: 2021-06-02 21:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192470.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/192470 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/192470 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDFAD2-C318-4328-B9F5-D620C7C9B2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDCA727-01B7-4E9C-BC73-96D32A79424B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B258BA7D-549C-4D43-AF84-9807F77954BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE25087-C816-42DA-B7EB-D3CB34B62D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "438CF65F-E158-471E-A693-4F4D8D6A4932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192470."
},
{
"lang": "es",
"value": "IBM Engineering Lifecycle Optimization - Publishing es vulnerable a ataques de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 192470"
}
],
"id": "CVE-2020-4977",
"lastModified": "2024-11-21T05:33:30.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T21:15:07.400",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192470"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-20346
Vulnerability from fkie_nvd - Published: 2021-06-02 21:15 - Updated: 2024-11-21 05:46
Severity ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/194595 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/194595 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDFAD2-C318-4328-B9F5-D620C7C9B2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDCA727-01B7-4E9C-BC73-96D32A79424B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B258BA7D-549C-4D43-AF84-9807F77954BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE25087-C816-42DA-B7EB-D3CB34B62D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "438CF65F-E158-471E-A693-4F4D8D6A4932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, lo que podr\u00eda conllevar una enumeraci\u00f3n de la red o facilitar otros ataques. IBM X-Force ID: 194595"
}
],
"id": "CVE-2021-20346",
"lastModified": "2024-11-21T05:46:26.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T21:15:07.563",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194595"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-20347
Vulnerability from fkie_nvd - Published: 2021-06-02 21:15 - Updated: 2024-11-21 05:46
Severity ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/194596 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/194596 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDFAD2-C318-4328-B9F5-D620C7C9B2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDCA727-01B7-4E9C-BC73-96D32A79424B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B258BA7D-549C-4D43-AF84-9807F77954BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE25087-C816-42DA-B7EB-D3CB34B62D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "438CF65F-E158-471E-A693-4F4D8D6A4932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, lo que podr\u00eda conllevar una enumeraci\u00f3n de la red o facilitar otros ataques. IBM X-Force ID: 194596"
}
],
"id": "CVE-2021-20347",
"lastModified": "2024-11-21T05:46:26.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T21:15:07.593",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194596"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4732
Vulnerability from fkie_nvd - Published: 2021-06-02 21:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/188126 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/188126 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDFAD2-C318-4328-B9F5-D620C7C9B2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDCA727-01B7-4E9C-BC73-96D32A79424B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B258BA7D-549C-4D43-AF84-9807F77954BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE25087-C816-42DA-B7EB-D3CB34B62D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "438CF65F-E158-471E-A693-4F4D8D6A4932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Foundation e IBM Engineering, podr\u00edan permitir a un usuario autenticado obtener informaci\u00f3n confidencial debido a una falta de restricciones de seguridad. IBM X-Force ID: 188126"
}
],
"id": "CVE-2020-4732",
"lastModified": "2024-11-21T05:33:11.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T21:15:07.363",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188126"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-20348
Vulnerability from fkie_nvd - Published: 2021-06-02 21:15 - Updated: 2024-11-21 05:46
Severity ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 194597.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/194597 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/194597 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDFAD2-C318-4328-B9F5-D620C7C9B2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDCA727-01B7-4E9C-BC73-96D32A79424B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B258BA7D-549C-4D43-AF84-9807F77954BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE25087-C816-42DA-B7EB-D3CB34B62D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "438CF65F-E158-471E-A693-4F4D8D6A4932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 194597."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, lo que podr\u00eda conllevar una enumeraci\u00f3n de la red o facilitar otros ataques. IBM X-ForceID: 194597"
}
],
"id": "CVE-2021-20348",
"lastModified": "2024-11-21T05:46:26.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T21:15:07.623",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194597"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-5030
Vulnerability from fkie_nvd - Published: 2021-06-02 21:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/193737 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/193737 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDFAD2-C318-4328-B9F5-D620C7C9B2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDCA727-01B7-4E9C-BC73-96D32A79424B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B258BA7D-549C-4D43-AF84-9807F77954BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE25087-C816-42DA-B7EB-D3CB34B62D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "438CF65F-E158-471E-A693-4F4D8D6A4932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 193737"
}
],
"id": "CVE-2020-5030",
"lastModified": "2024-11-21T05:33:34.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T21:15:07.433",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193737"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-29670
Vulnerability from fkie_nvd - Published: 2021-06-02 21:15 - Updated: 2024-11-21 06:01
Severity ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199408.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/199408 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/199408 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDFAD2-C318-4328-B9F5-D620C7C9B2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDCA727-01B7-4E9C-BC73-96D32A79424B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B258BA7D-549C-4D43-AF84-9807F77954BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE25087-C816-42DA-B7EB-D3CB34B62D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "438CF65F-E158-471E-A693-4F4D8D6A4932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199408."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 199408"
}
],
"id": "CVE-2021-29670",
"lastModified": "2024-11-21T06:01:37.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T21:15:07.723",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199408"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-20371
Vulnerability from fkie_nvd - Published: 2021-06-02 21:15 - Updated: 2024-11-21 05:46
Severity ?
Summary
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/195516 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/195516 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDFAD2-C318-4328-B9F5-D620C7C9B2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDCA727-01B7-4E9C-BC73-96D32A79424B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B258BA7D-549C-4D43-AF84-9807F77954BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE25087-C816-42DA-B7EB-D3CB34B62D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "438CF65F-E158-471E-A693-4F4D8D6A4932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Foundation e IBM Engineering podr\u00edan permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando un mensaje de error es devuelto en el navegador. Esta informaci\u00f3n podr\u00eda ser usada en posteriores ataques contra el sistema. IBM X-Force ID: 195516"
}
],
"id": "CVE-2021-20371",
"lastModified": "2024-11-21T05:46:28.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T21:15:07.660",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195516"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-20345
Vulnerability from fkie_nvd - Published: 2021-06-02 21:15 - Updated: 2024-11-21 05:46
Severity ?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/194594 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/194594 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6457739 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDFAD2-C318-4328-B9F5-D620C7C9B2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD252F7-F264-42CE-ACE9-41D8655220A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDCA727-01B7-4E9C-BC73-96D32A79424B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B258BA7D-549C-4D43-AF84-9807F77954BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE25087-C816-42DA-B7EB-D3CB34B62D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:removable_media_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "438CF65F-E158-471E-A693-4F4D8D6A4932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594."
},
{
"lang": "es",
"value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, lo que podr\u00eda conllevar una enumeraci\u00f3n de la red o facilitar otros ataques. IBM X-Force ID: 194594"
}
],
"id": "CVE-2021-20345",
"lastModified": "2024-11-21T05:46:26.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T21:15:07.533",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194594"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6457739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-39028 (GCVE-0-2021-39028)
Vulnerability from cvelistv5 – Published: 2022-07-14 16:15 – Updated: 2024-09-17 01:01
VLAI?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization Publishing |
Affected:
6.0.6
Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:17.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6603347"
},
{
"name": "ibm-engineering-cve202139028-header-injection (213866)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/PR:L/I:L/UI:N/A:N/AV:N/S:U/AC:L/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T16:15:53",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6603347"
},
{
"name": "ibm-engineering-cve202139028-header-injection (213866)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213866"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603347",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603347 (Engineering Lifecycle Optimization Publishing)",
"url": "https://www.ibm.com/support/pages/node/6603347"
},
{
"name": "ibm-engineering-cve202139028-header-injection (213866)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213866"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39028",
"datePublished": "2022-07-14T16:15:53.571731Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T01:01:55.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39019 (GCVE-0-2021-39019)
Vulnerability from cvelistv5 – Published: 2022-07-14 16:15 – Updated: 2024-09-17 00:06
VLAI?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization Publishing |
Affected:
6.0.6
Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:17.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6603355"
},
{
"name": "ibm-engineering-cve202139019-info-disc (213728)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AV:N/AC:L/S:U/C:H/PR:L/I:N/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T16:15:47",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6603355"
},
{
"name": "ibm-engineering-cve202139019-info-disc (213728)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603355",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603355 (Engineering Lifecycle Optimization Publishing)",
"url": "https://www.ibm.com/support/pages/node/6603355"
},
{
"name": "ibm-engineering-cve202139019-info-disc (213728)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39019",
"datePublished": "2022-07-14T16:15:47.741518Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T00:06:28.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39018 (GCVE-0-2021-39018)
Vulnerability from cvelistv5 – Published: 2022-07-14 16:15 – Updated: 2024-09-16 23:52
VLAI?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization Publishing |
Affected:
6.0.6
Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:17.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6603345"
},
{
"name": "ibm-engineering-cve202139018-info-disc (213726)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213726"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:L/C:L/I:N/UI:N/S:U/AC:L/AV:N/A:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T16:15:41",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6603345"
},
{
"name": "ibm-engineering-cve202139018-info-disc (213726)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213726"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603345",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603345 (Engineering Lifecycle Optimization Publishing)",
"url": "https://www.ibm.com/support/pages/node/6603345"
},
{
"name": "ibm-engineering-cve202139018-info-disc (213726)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213726"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39018",
"datePublished": "2022-07-14T16:15:41.676276Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-16T23:52:07.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39017 (GCVE-0-2021-39017)
Vulnerability from cvelistv5 – Published: 2022-07-14 16:15 – Updated: 2024-09-16 17:58
VLAI?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization Publishing |
Affected:
6.0.6
Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:16.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6603341"
},
{
"name": "ibm-engineering-cve202139017-file-upload (213725)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/I:H/C:N/PR:L/UI:R/A:N/AV:N/S:U/AC:L/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T16:15:35",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6603341"
},
{
"name": "ibm-engineering-cve202139017-file-upload (213725)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213725"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "L",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603341",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603341 (Engineering Lifecycle Optimization Publishing)",
"url": "https://www.ibm.com/support/pages/node/6603341"
},
{
"name": "ibm-engineering-cve202139017-file-upload (213725)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213725"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39017",
"datePublished": "2022-07-14T16:15:36.022957Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-16T17:58:08.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39016 (GCVE-0-2021-39016)
Vulnerability from cvelistv5 – Published: 2022-07-14 16:15 – Updated: 2024-09-17 03:33
VLAI?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.
Severity ?
CWE
- Bypass Security
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization Publishing |
Affected:
6.0.6
Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:17.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6603335"
},
{
"name": "ibm-engineering-cve202139016-sec-bypass (213722)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213722"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:L/C:N/I:L/UI:N/S:U/AC:L/A:N/AV:N/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T16:15:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6603335"
},
{
"name": "ibm-engineering-cve202139016-sec-bypass (213722)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213722"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603335",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603335 (Engineering Lifecycle Optimization Publishing)",
"url": "https://www.ibm.com/support/pages/node/6603335"
},
{
"name": "ibm-engineering-cve202139016-sec-bypass (213722)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213722"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39016",
"datePublished": "2022-07-14T16:15:29.687563Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T03:33:48.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39015 (GCVE-0-2021-39015)
Vulnerability from cvelistv5 – Published: 2022-07-14 16:15 – Updated: 2024-09-16 19:14
VLAI?
Summary
IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization Publishing |
Affected:
7.0
Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:17.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6603333"
},
{
"name": "ibm-engineering-cve202139015-xss (213655)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213655"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/UI:R/I:L/PR:L/C:L/AC:L/S:C/A:N/AV:N/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T16:15:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6603333"
},
{
"name": "ibm-engineering-cve202139015-xss (213655)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213655"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603333",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603333 (Engineering Lifecycle Optimization Publishing)",
"url": "https://www.ibm.com/support/pages/node/6603333"
},
{
"name": "ibm-engineering-cve202139015-xss (213655)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213655"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39015",
"datePublished": "2022-07-14T16:15:23.479925Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-16T19:14:23.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39028 (GCVE-0-2021-39028)
Vulnerability from nvd – Published: 2022-07-14 16:15 – Updated: 2024-09-17 01:01
VLAI?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization Publishing |
Affected:
6.0.6
Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:17.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6603347"
},
{
"name": "ibm-engineering-cve202139028-header-injection (213866)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/PR:L/I:L/UI:N/A:N/AV:N/S:U/AC:L/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T16:15:53",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6603347"
},
{
"name": "ibm-engineering-cve202139028-header-injection (213866)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213866"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603347",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603347 (Engineering Lifecycle Optimization Publishing)",
"url": "https://www.ibm.com/support/pages/node/6603347"
},
{
"name": "ibm-engineering-cve202139028-header-injection (213866)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213866"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39028",
"datePublished": "2022-07-14T16:15:53.571731Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T01:01:55.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39019 (GCVE-0-2021-39019)
Vulnerability from nvd – Published: 2022-07-14 16:15 – Updated: 2024-09-17 00:06
VLAI?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization Publishing |
Affected:
6.0.6
Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:17.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6603355"
},
{
"name": "ibm-engineering-cve202139019-info-disc (213728)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AV:N/AC:L/S:U/C:H/PR:L/I:N/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T16:15:47",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6603355"
},
{
"name": "ibm-engineering-cve202139019-info-disc (213728)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603355",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603355 (Engineering Lifecycle Optimization Publishing)",
"url": "https://www.ibm.com/support/pages/node/6603355"
},
{
"name": "ibm-engineering-cve202139019-info-disc (213728)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39019",
"datePublished": "2022-07-14T16:15:47.741518Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T00:06:28.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39018 (GCVE-0-2021-39018)
Vulnerability from nvd – Published: 2022-07-14 16:15 – Updated: 2024-09-16 23:52
VLAI?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization Publishing |
Affected:
6.0.6
Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:17.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6603345"
},
{
"name": "ibm-engineering-cve202139018-info-disc (213726)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213726"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:L/C:L/I:N/UI:N/S:U/AC:L/AV:N/A:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T16:15:41",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6603345"
},
{
"name": "ibm-engineering-cve202139018-info-disc (213726)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213726"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603345",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603345 (Engineering Lifecycle Optimization Publishing)",
"url": "https://www.ibm.com/support/pages/node/6603345"
},
{
"name": "ibm-engineering-cve202139018-info-disc (213726)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213726"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39018",
"datePublished": "2022-07-14T16:15:41.676276Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-16T23:52:07.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39017 (GCVE-0-2021-39017)
Vulnerability from nvd – Published: 2022-07-14 16:15 – Updated: 2024-09-16 17:58
VLAI?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization Publishing |
Affected:
6.0.6
Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:16.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6603341"
},
{
"name": "ibm-engineering-cve202139017-file-upload (213725)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/I:H/C:N/PR:L/UI:R/A:N/AV:N/S:U/AC:L/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T16:15:35",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6603341"
},
{
"name": "ibm-engineering-cve202139017-file-upload (213725)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213725"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "L",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603341",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603341 (Engineering Lifecycle Optimization Publishing)",
"url": "https://www.ibm.com/support/pages/node/6603341"
},
{
"name": "ibm-engineering-cve202139017-file-upload (213725)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213725"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39017",
"datePublished": "2022-07-14T16:15:36.022957Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-16T17:58:08.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39016 (GCVE-0-2021-39016)
Vulnerability from nvd – Published: 2022-07-14 16:15 – Updated: 2024-09-17 03:33
VLAI?
Summary
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.
Severity ?
CWE
- Bypass Security
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization Publishing |
Affected:
6.0.6
Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:17.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6603335"
},
{
"name": "ibm-engineering-cve202139016-sec-bypass (213722)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213722"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:L/C:N/I:L/UI:N/S:U/AC:L/A:N/AV:N/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T16:15:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6603335"
},
{
"name": "ibm-engineering-cve202139016-sec-bypass (213722)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213722"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603335",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603335 (Engineering Lifecycle Optimization Publishing)",
"url": "https://www.ibm.com/support/pages/node/6603335"
},
{
"name": "ibm-engineering-cve202139016-sec-bypass (213722)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213722"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39016",
"datePublished": "2022-07-14T16:15:29.687563Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T03:33:48.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39015 (GCVE-0-2021-39015)
Vulnerability from nvd – Published: 2022-07-14 16:15 – Updated: 2024-09-16 19:14
VLAI?
Summary
IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization Publishing |
Affected:
7.0
Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:17.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6603333"
},
{
"name": "ibm-engineering-cve202139015-xss (213655)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213655"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/UI:R/I:L/PR:L/C:L/AC:L/S:C/A:N/AV:N/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T16:15:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6603333"
},
{
"name": "ibm-engineering-cve202139015-xss (213655)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213655"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-13T00:00:00",
"ID": "CVE-2021-39015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization Publishing",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6603333",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6603333 (Engineering Lifecycle Optimization Publishing)",
"url": "https://www.ibm.com/support/pages/node/6603333"
},
{
"name": "ibm-engineering-cve202139015-xss (213655)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213655"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39015",
"datePublished": "2022-07-14T16:15:23.479925Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-16T19:14:23.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}