Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5DCFF1907C51BAFABE0D594AEA67786A5570EEEFACB27128DCE8432ADB2ADBFA
HistoryMay 12, 2021 - 9:55 p.m.

Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2021-20535)

2021-05-1221:55:43
www.ibm.com
8

0.001 Low

EPSS

Percentile

19.9%

JSON

Summary

There is a security vulnerability in the Report Builder shipped with Jazz Reporting Service.

Vulnerability Details

CVEID:CVE-2021-20535
**DESCRIPTION:**IBM Jazz Reporting Service is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198834 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Jazz Reporting Service 7.0.2
IBM Jazz Reporting Service 7.0.1
IBM Jazz Reporting Service 7.0
IBM Jazz Reporting Service 6.0.6.1

Remediation/Fixes

Apply the recommended fixes to all affected versions of Jazz Reporting Service.

Product VRMF Remediation
Jazz Reporting Service 7.0.2 Download the interim fix 7.0.2-IBM-ELM-ifix003 (or later) package from the ELM 7.0.2 iFix release site and follow the instructions inside the package for patch application.
Jazz Reporting Service 7.0.1 Download the interim fix 7.0.1-IBM-ELM-ifix008 (or later) package from the ELM 7.0.1 iFix release site and follow the instructions inside the package for patch application.
Jazz Reporting Service 7.0 Download the interim fix 7.0-IBM-ELM-ifix009 (or later) package from the ELM 7.0 iFix release site and follow the instructions inside the package for patch application.
Jazz Reporting Service 6.0.6.1 Download the interim fix 6.0.6.1-Rational-CLM-ifix017 (or later) package from the CLM 6.0.6.1 iFix release site and follow the instructions inside the package for patch application.

If the iFix is not found in the iFix Portal please contact IBM support.

Workarounds and Mitigations

None

Related

prion 1
cve 1
cvelist 1
nvd 1
prion
prion
Server side request forgery (ssrf)
2021-05-13 16:15:00
cve
cve
CVE-2021-20535
2021-05-13 16:15:07
cvelist
cvelist
CVE-2021-20535
2021-05-12 00:00:00
nvd
nvd
CVE-2021-20535
2021-05-13 16:15:07

0.001 Low

EPSS

Percentile

19.9%

JSON
Related for 5DCFF1907C51BAFABE0D594AEA67786A5570EEEFACB27128DCE8432ADB2ADBFA
prion1cve1cvelist1nvd1