CVE-2020-4974
6.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.8 / Impact: 3.4
Source: NVD
Description
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
Affected (25)
Products: Ibm: Engineering Lifecycle Optimization Engineering Insights, Engineering Requirements Quality Assistant On Premises, Engineering Test Management, Engineering Workflow Management, Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager, Rational Team Concert
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 7.0.1 | |
| All versions | |
| Version 7.0.0 | |
| Version 7.0.1 | |
| Version 6.0.2 | |
| Version 6.0.6.1 | |
| Version 6.0.2 | |
| Version 6.0.6.1 | |
| Version 6.0.6.1 |
References (4)
Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.