CVE-2021-20348
Published: Jun 2, 2021
Modified: Sep 16, 2024
CVSS v3.0
5.4
Description
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 194597.
| Vendor | Product | Versions |
|---|---|---|
IBM | Rational Rhapsody Model Manager | affected 6.0.6affected 6.0.6.1affected 7.0 |
IBM | Rational Quality Manager | affected 6.0.6affected 6.0.6.1 |
IBM | Engineering Test Management | affected 7.0.0affected 7.0.1 |
IBM | Rational DOORS Next Generation | affected 6.0.6affected 6.0.6.1affected 7.0affected 7.0.1affected 7.0.2 |
IBM | Rational Collaborative Lifecycle Management | affected 6.0.6affected 6.0.6.1 |
IBM | Rational Engineering Lifecycle Manager | affected 6.0.6affected 6.0.6.1affected 7.0affected 7.0.1affected 7.0.2 |
IBM | Engineering Lifecycle Optimization | affected 7.0affected 7.0.1affected 7.0.2 |
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/A:N/AC:L/UI:N/I:L/PR:L/AV:N/C:L/S:U/RC:C/E:U/RL:O
Availability
Attack Complexity
User Interaction
Integrity
Privileges Required
Attack Vector
Confidentiality
Scope
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now