Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-29844

Опубликовано: 27 окт. 2021
Источник: nvd
CVSS3: 5.4
CVSS3: 8.8
CVSS2: 6.5
EPSS Низкий

Описание

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:engineering_lifecycle_optimization:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_optimization:6.0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*

EPSS

Процентиль: 33%
0.00128
Низкий

5.4 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

github логотип

GHSA-89h6-69jq-v92c

github
больше 3 лет назад

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

EPSS

Процентиль: 33%
0.00128
Низкий

5.4 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-918