May 13, 2024 - 7:33 a.m.

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329)

2024-05-13 07:33:30
www.ibm.com

CVSS3: 4.3 Medium

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Summary

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, which has been addressed in this bulletin: Jazz Foundation, IBM Engineering Test Management, IBM Engineering Workflow Management, Global Configuration Management, IBM Engineering Requirements Management DOORS Next.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Engineering Workflow Management, Global Configuration Management, IBM Engineering Test Management, IBM Engineering Requirements Management DOORS Next, Jazz Foundation | 7.0.2 |
| IBM Engineering Workflow Management, Global Configuration Management, IBM Engineering Test Management, IBM Engineering Requirements Management DOORS Next, Jazz Foundation | 7.0.3 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH59117.

If any of the affected products mentioned is deployed on one of the above versions, please follow the instructions given in the following article.

Link: <https://www.ibm.com/support/pages/node/7148380>

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm engineering_lifecycle_management Match 702 OR ibm engineering_lifecycle_management Match 703
