IBM3AB8A0D8DF3E8947F6AADDC12247EF1D5E01D8D9D6A259B65657D804679CB6E0Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to Malicious File Upload (CVE-2021-39017)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
35.7%
Summary
In IBM Engineering Lifecycle Optimization - Publishing, there are no file extension and content-type checks in place which helps an attacker to upload a malicious file of their choice. (CVE-2021-39017)
Vulnerability Details
CVEID:CVE-2021-39017
**DESCRIPTION:**IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to upload arbitrary files, caused by improper access controls.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213725 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| PUB | 7.0.1 |
| PUB | 7.0.2 |
| RPE | 6.0.6 |
| RPE | 6.0.6.1 |
| PUB | 7.0 |
Remediation/Fixes
For IBM Publishing 7.0, upgrade to ifix016 or later, which can be downloaded from:
IBM Publishing 7.0 iFix016
For IBM Publishing 7.0.1, upgrade to ifix017 or later, which can be downloaded from:
IBM Publishing 7.0.1 iFix017
For IBM Publishing 7.0.2, upgrade to ifix013 or later, which can be downloaded from:
IBM Publishing 7.0.2 iFix013
For RPE 6.0.6 and 6.0.6.1, upgrade to latest 7.0.2 iFix13 or later, which can be downloaded from: IBM Publishing 7.0.2 iFix013
Workarounds and Mitigations
None
Affected configurations
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
35.7%