CVE-2021-20345
Published: Jun 2, 2021
Modified: Sep 16, 2024
CVSS v3.0
5.4
Description
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594.
| Vendor | Product | Versions |
|---|---|---|
IBM | Rational Rhapsody Model Manager | affected 6.0.6affected 6.0.6.1affected 7.0 |
IBM | Rational Quality Manager | affected 6.0.6affected 6.0.6.1 |
IBM | Engineering Test Management | affected 7.0.0affected 7.0.1 |
IBM | Rational DOORS Next Generation | affected 6.0.6affected 6.0.6.1affected 7.0affected 7.0.1affected 7.0.2 |
IBM | Rational Engineering Lifecycle Manager | affected 6.0.6affected 6.0.6.1affected 7.0affected 7.0.1affected 7.0.2 |
IBM | Rational Collaborative Lifecycle Management | affected 6.0.6affected 6.0.6.1 |
IBM | Engineering Lifecycle Optimization | affected 7.0affected 7.0.1affected 7.0.2 |
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/PR:L/AV:N/I:L/UI:N/A:N/AC:L/S:U/C:L/E:U/RL:O/RC:C
Privileges Required
Attack Vector
Integrity
User Interaction
Availability
Attack Complexity
Scope
Confidentiality
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now