Mar 14, 2022 - 4:45 p.m.

CVE-2021-39051

2022-03-14 16:45:18
ibm
www.cve.org
5
ibm
spectrum
copy data management
server-side request forgery
remote attacker
x-force id

CVSS3: 4.8

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

AI Score: 6.4
Confidence: High

EPSS: 0.001
Percentile: 41.2%

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441.

CNA Affected

[
  {
    "product": "Spectrum Copy Data Management",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.0.0"
      },
      {
        "status": "affected",
        "version": "2.2.14.3"
      }
    ]
  }
]
