CVE-2021-20346
Published: Jun 2, 2021
Modified: Sep 16, 2024
CVSS v3.0
5.4
Description
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595.
| Vendor | Product | Versions |
|---|---|---|
IBM | Rational Collaborative Lifecycle Management | affected 6.0.6affected 6.0.6.1 |
IBM | Rational Engineering Lifecycle Manager | affected 6.0.6affected 6.0.6.1affected 7.0affected 7.0.1affected 7.0.2 |
IBM | Engineering Lifecycle Optimization | affected 7.0affected 7.0.1affected 7.0.2 |
IBM | Rational DOORS Next Generation | affected 6.0.6affected 6.0.6.1affected 7.0affected 7.0.1affected 7.0.2 |
IBM | Rational Quality Manager | affected 6.0.6affected 6.0.6.1 |
IBM | Rational Rhapsody Model Manager | affected 6.0.6affected 6.0.6.1affected 7.0 |
IBM | Engineering Test Management | affected 7.0.0affected 7.0.1 |
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/C:L/S:U/UI:N/A:N/AC:L/I:L/AV:N/PR:L/RC:C/RL:O/E:U
Confidentiality
Scope
User Interaction
Availability
Attack Complexity
Integrity
Attack Vector
Privileges Required
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now