Lucene search

IBMD9A4CBFE50B20DD1BAADD5A7F190C318057A4B3EC76A8D86A7667E7E0DB05F24

HistoryJul 07, 2022 - 4:39 p.m.

Security Bulletin: IBM Rational Build Forge is affected by Apache Tomcat version used in it. (CVE-2021-30640)

2022-07-0716:39:00

www.ibm.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

57.9%

JSON

Summary

IBM Rational Build Forge is affected by CVE-2021-30640.

Vulnerability Details

CVEID:CVE-2021-30640
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper authentication validation in the JNDI Realm. By sending a specially-crafted request using various user names, an attacker could exploit this vulnerability to bypass some of the protection provided by the LockOut Realm.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205213 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Rational Build Forge	8.0.0 - 8.0.0.21

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading to IBM Rational Build Forge version 8.0.0.22 or above.

Affected Supporting Product(s)

Remediation/Fix

—|—

IBM Rational Build Forge 8.0.0 to 8.0.0.21

Download IBM Rational Build Forge 8.0.0.22.

The fix includes Apache Tomcat - 9.0.59.

Workarounds and Mitigations

None

CPENameOperatorVersion
rationaleq8.0.0
rationaleq8.0.0.22

CPE	Name	Operator	Version
	rational	eq	8.0.0
	rational	eq	8.0.0.22

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

57.9%

JSON

Related for D9A4CBFE50B20DD1BAADD5A7F190C318057A4B3EC76A8D86A7667E7E0DB05F24