Description
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.
Affected Software
Related
{"id": "CVE-2021-39057", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-39057", "description": "IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.", "published": "2021-12-13T19:15:00", "modified": "2021-12-15T21:23:00", "epss": [{"cve": "CVE-2021-39057", "epss": 0.0006, "percentile": 0.23324, "modified": "2023-05-23"}], "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.5}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.2}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39057", "reporter": "psirt@us.ibm.com", "references": ["https://www.ibm.com/support/pages/node/6525346", "https://exchange.xforce.ibmcloud.com/vulnerabilities/214616"], "cvelist": ["CVE-2021-39057"], "immutableFields": [], "lastseen": "2023-05-23T15:39:52", "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "cnvd", "idList": ["CNVD-2022-05086"]}, {"type": "ibm", "idList": ["A01344A77932623BBBEA76404B65ECAB41830C6DD5625FE4A8723994815FDF06"]}]}, "score": {"value": 5.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "ibm", "idList": ["A01344A77932623BBBEA76404B65ECAB41830C6DD5625FE4A8723994815FDF06"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "ibm spectrum protect plus", "version": 10}]}, "epss": [{"cve": "CVE-2021-39057", "epss": 0.0006, "percentile": 0.2322, "modified": "2023-05-03"}], "vulnersScore": 5.5}, "_state": {"dependencies": 1685073320, "score": 1684856603, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "e084a0374e2c8212d9d8a256146cc52f"}, "cna_cvss": {"cna": "IBM Corporation", "cvss": {"3": {"vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "score": 4.2}}}, "cpe": [], "cpe23": [], "cwe": ["CWE-918"], "affectedSoftware": [{"cpeName": "ibm:spectrum_protect_plus", "version": "10.1.9", "operator": "lt", "name": "ibm spectrum protect plus"}], "affectedConfiguration": [{"name": "linux linux kernel", "cpeName": "linux:linux_kernel", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:ibm:spectrum_protect_plus:10.1.9:*:*:*:*:*:*:*", "versionStartIncluding": "10.1.0", "versionEndExcluding": "10.1.9", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://www.ibm.com/support/pages/node/6525346", "name": "https://www.ibm.com/support/pages/node/6525346", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214616", "name": "ibm-spectrum-cve202139057-ssrf (214616)", "refsource": "XF", "tags": ["VDB Entry", "Vendor Advisory"]}], "product_info": [{"vendor": "IBM", "product": "Spectrum Protect Plus"}], "solutions": [], "workarounds": [], "impacts": [], "exploits": [], "problemTypes": [], "assigned": "1976-01-01T00:00:00"}
{"cnvd": [{"lastseen": "2022-11-05T07:04:41", "description": "IBM Spectrum Protect Plus is a data protection platform from IBM Corporation. The platform provides enterprises with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes.A security vulnerability exists in IBM Spectrum Protect Plus, which stems from a lack of filtering and validation of server-side request forgery on the software server side. An attacker could exploit the vulnerability to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-16T00:00:00", "type": "cnvd", "title": "IBM Spectrum Protect Plus server-side request forgery vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39057"], "modified": "2022-01-19T00:00:00", "id": "CNVD-2022-05086", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-05086", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}}], "prion": [{"lastseen": "2023-08-16T06:58:58", "description": "IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-13T19:15:00", "type": "prion", "title": "CVE-2021-39057", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39057"], "modified": "2021-12-15T21:23:00", "id": "PRION:CVE-2021-39057", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-39057", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}}], "ibm": [{"lastseen": "2023-06-06T17:54:50", "description": "## Summary\n\nIBM Spectrum Protect Plus is vulnerable to Server-Side Request Forgery (SSRF), Man-in-the-Middle (MITM) attack, and Cross-Origin Resource Sharing (CORS) attack.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-39057](<https://vulners.com/cve/CVE-2021-39057>) \n** DESCRIPTION: **IBM Spectrum Protect Plus is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214616](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214616>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-4496](<https://vulners.com/cve/CVE-2020-4496>) \n** DESCRIPTION: **The IBM Spectrum Protect Plus server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182046](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182046>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-39063](<https://vulners.com/cve/CVE-2021-39063>) \n** DESCRIPTION: **IBM Spectrum Protect Plus uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214956>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Plus| 10.1.0.0-10.1.8.x \n \n## Remediation/Fixes\n\n**IBM Spectrum Protect** \n**Plus Release**| **First Fixing** \n**VRM Level**| **Platform**| **Link to Fix** \n---|---|---|--- \n10.1| 10.1.9| Linux| <https://www.ibm.com/support/pages/node/6487159> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-10T21:03:31", "type": "ibm", "title": "Security Bulletin: IBM Spectrum Protect Plus is vulnerable to SSRF, MITM, and CORS attacks", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4496", "CVE-2021-39057", "CVE-2021-39063"], "modified": "2021-12-10T21:03:31", "id": "A01344A77932623BBBEA76404B65ECAB41830C6DD5625FE4A8723994815FDF06", "href": "https://www.ibm.com/support/pages/node/6525346", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}]}
CVE-2021-39057
