MEDIUM🇵🇱 Wersja polska

CVE-2020-4974

CVSS 6.3v3.1pub. 2021-07-28upd. 2024-11-21

IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • IBM Engineering Lifecycle Optimization Engineering Insights

    APP
    Ibm
    7.07.0.17.0.2
  • IBM Engineering Requirements Quality Assistant On Premises

    APP
    Ibm
    wszystkie wersje
  • IBM Engineering Test Management

    APP
    Ibm
    7.0.07.0.17.0.2
  • IBM Engineering Workflow Management

    APP
    Ibm
    7.07.0.17.0.2
  • IBM Rational Collaborative Lifecycle Management

    APP
    Ibm
    6.0.26.0.66.0.6.1
  • IBM Rational Doors Next Generation

    APP
    Ibm
    6.0.66.0.6.17.07.0.17.0.2
  • IBM Rational Engineering Lifecycle Manager

    APP
    Ibm
    6.0.26.0.66.0.6.1
  • IBM Rational Quality Manager

    APP
    Ibm
    6.0.66.0.6.1
  • IBM Rational Team Concert

    APP
    Ibm
    6.0.66.0.6.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRF
CWE
References

Related vulnerabilities

CVE-2024-39726HIGH8.2ten sam produkt

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External...

CVE-2021-29844HIGH8.8ten sam produkt

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authentic...

CVE-2021-29774HIGH7.5ten sam produkt

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain co...

CVE-2020-4495HIGH8.8ten sam produkt

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions...

CVE-2020-4965HIGH7.5ten sam produkt

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker t...