VAR-202110-1421
Vulnerability from variot - Updated: 2022-05-04 08:51IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1421",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "6.0.6.1"
},
{
"model": "engineering lifecycle optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "6.0.6"
},
{
"model": "engineering workflow management",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "6.0.6.1"
},
{
"model": "engineering workflow management",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "6.0.6"
},
{
"model": "engineering lifecycle optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "6.0.6.1"
},
{
"model": "engineering requirements quality assistant on-premises",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "6.0.2"
},
{
"model": "engineering workflow management",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "engineering lifecycle optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "6.0.6"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.0.1"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29844"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:6.0.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29844"
}
]
},
"cve": "CVE-2021-29844",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-29844",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-29844",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-29844",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1796",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1796"
},
{
"db": "NVD",
"id": "CVE-2021-29844"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29844"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-29844",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1796",
"trust": 0.6
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1796"
},
{
"db": "NVD",
"id": "CVE-2021-29844"
}
]
},
"id": "VAR-202110-1421",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.20535715
},
"last_update_date": "2022-05-04T08:51:56.064000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "IBM Engineering Requirements Management DOORS Next Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=168883"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1796"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29844"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29844"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1796"
},
{
"db": "NVD",
"id": "CVE-2021-29844"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1796"
},
{
"db": "NVD",
"id": "CVE-2021-29844"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1796"
},
{
"date": "2021-10-27T16:15:00",
"db": "NVD",
"id": "CVE-2021-29844"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1796"
},
{
"date": "2021-11-02T15:10:00",
"db": "NVD",
"id": "CVE-2021-29844"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1796"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Engineering Requirements Management DOORS Next Code problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1796"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1796"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…