HIGH🇬🇧 English

CVE-2021-29844

CVSS 8.8v3.1pub. 2021-10-27upd. 2024-11-21

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • IBM Engineering Lifecycle Optimization

    APP
    Ibm
    6.0.66.0.6.17.0
  • IBM Engineering Requirements Quality Assistant On Premises

    APP
    Ibm
    wszystkie wersje
  • IBM Engineering Workflow Management

    APP
    Ibm
    7.07.0.17.0.2
  • IBM Rational Doors Next Generation

    APP
    Ibm
    6.0.66.0.6.17.07.0.17.0.2
  • IBM Rational Engineering Lifecycle Manager

    APP
    Ibm
    7.07.0.17.0.2
  • IBM Rational Rhapsody Design Manager

    APP
    Ibm
    wszystkie wersje
  • IBM Rational Team Concert

    APP
    Ibm
    6.0.26.0.66.0.6.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SSRF
CWE
Referencje

Powiązane podatności

CVE-2023-45191HIGH7.5ten sam produkt

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could a...

CVE-2021-29774HIGH7.5ten sam produkt

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain co...

CVE-2020-4495HIGH8.8ten sam produkt

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions...

CVE-2020-4965HIGH7.5ten sam produkt

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker t...

CVE-2021-20502HIGH7.1ten sam produkt

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing X...