IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/192434 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6475919 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
04 Aug 2021, 15:01
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://www.ibm.com/support/pages/node/6475919 - Vendor Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/192434 - VDB Entry, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 6.3 |
CWE | CWE-918 | |
CPE | cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:* |
30 Jul 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434. |
28 Jul 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-28 13:15
Updated : 2024-02-04 21:47
NVD link : CVE-2020-4974
Mitre link : CVE-2020-4974
CVE.ORG link : CVE-2020-4974
JSON object : View
Products Affected
ibm
- rational_collaborative_lifecycle_management
- engineering_requirements_quality_assistant_on-premises
- engineering_test_management
- rational_team_concert
- rational_engineering_lifecycle_manager
- rational_doors_next_generation
- engineering_lifecycle_optimization_-_engineering_insights
- rational_quality_manager
- engineering_workflow_management
CWE
CWE-918
Server-Side Request Forgery (SSRF)