CVE-2021-20345

Description

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594.

CVSS breakdown

CVSS 3.0

Privileges Required

Low

Attack Vector

Network

Integrity

Low

User Interaction

None

Availability

None

Attack Complexity

Low

Scope

Unchanged

Confidentiality

Low

Unchanged

Changed

Affected products

ibm / Engineering Lifecycle Optimization7.0.1 – 7.0.1
ibm / Engineering Lifecycle Optimization7.0.2 – 7.0.2
ibm / Engineering Lifecycle Optimization7.0 – 7.0
ibm / Engineering Test Management7.0.0 – 7.0.0
ibm / Engineering Test Management7.0.1 – 7.0.1
ibm / Rational Collaborative Lifecycle Management6.0.6 – 6.0.6
ibm / Rational Collaborative Lifecycle Management6.0.6.1 – 6.0.6.1
ibm / Rational DOORS Next Generation7.0 – 7.0
ibm / Rational DOORS Next Generation7.0.1 – 7.0.1
ibm / Rational DOORS Next Generation6.0.6 – 6.0.6
ibm / Rational DOORS Next Generation6.0.6.1 – 6.0.6.1
ibm / Rational DOORS Next Generation7.0.2 – 7.0.2
ibm / Rational Engineering Lifecycle Manager6.0.6 – 6.0.6
ibm / Rational Engineering Lifecycle Manager6.0.6.1 – 6.0.6.1
ibm / Rational Engineering Lifecycle Manager7.0 – 7.0
ibm / Rational Engineering Lifecycle Manager7.0.1 – 7.0.1
ibm / Rational Engineering Lifecycle Manager7.0.2 – 7.0.2
ibm / Rational Quality Manager6.0.6.1 – 6.0.6.1
ibm / Rational Quality Manager6.0.6 – 6.0.6
ibm / Rational Rhapsody Model Manager7.0 – 7.0
ibm / Rational Rhapsody Model Manager6.0.6.1 – 6.0.6.1
ibm / Rational Rhapsody Model Manager6.0.6 – 6.0.6

CVE-2021-20345

Description

CVSS breakdown

Affected products

References