CVE-2021-29844

Published: Oct 27, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Affected (19)

Products: Ibm: Engineering Lifecycle Optimization, Engineering Requirements Quality Assistant On Premises, Engineering Workflow Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Rhapsody Design Manager, Rational Team Concert

Ibm

7 products

Engineering Lifecycle Optimization

Engineering Requirements Quality Assistant On Premises

Engineering Workflow Management

Rational Doors Next Generation

Rational Engineering Lifecycle Manager

Rational Rhapsody Design Manager

Rational Team Concert

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Ibm Engineering Lifecycle Optimization	Version 6.0.6.1
Ibm Engineering Lifecycle Optimization	Version 6.0.6
Ibm Engineering Lifecycle Optimization	Version 7.0
Ibm Engineering Requirements Quality Assistant On Premises	All versions
Ibm Engineering Workflow Management	Version 7.0.1
Ibm Engineering Workflow Management	Version 7.0.2
Ibm Engineering Workflow Management	Version 7.0
Ibm Rational Doors Next Generation	Version 6.0.6.1
Ibm Rational Doors Next Generation	Version 6.0.6
Ibm Rational Doors Next Generation	Version 7.0.1
Ibm Rational Doors Next Generation	Version 7.0.2
Ibm Rational Doors Next Generation	Version 7.0
Ibm Rational Engineering Lifecycle Manager	Version 7.0.1
Ibm Rational Engineering Lifecycle Manager	Version 7.0.2
Ibm Rational Engineering Lifecycle Manager	Version 7.0
Ibm Rational Rhapsody Design Manager	All versions
Ibm Rational Team Concert	Version 6.0.2
Ibm Rational Team Concert	Version 6.0.6.1
Ibm Rational Team Concert	Version 6.0.6