CVE-2020-4974

CWE-918 — Server-Side Request Forgery (SSRF)8 documents4 sources

Severity

6.3MEDIUM

EPSS

0.2%

top 62.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Engineering Lifecycle Optimization IBM Engineering Test Management IBM Engineering Workflow Management +6 more

Timeline

PublishedJul 28

Latest updateMay 24

Description

IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages16 packages

▶CVEListV5ibm/rational_team_concert6.0.6, 6.0.6.1+1

▶NVDibm/rational_team_concert6.0.6, 6.0.6.1+1

▶CVEListV5ibm/rational_quality_manager6.0.6, 6.0.6.1+1

▶NVDibm/rational_quality_manager6.0.6, 6.0.6.1+1

▶CVEListV5ibm/engineering_test_management7.0.0, 7.0.1, 7.0.2+2

🔴Vulnerability Details

GHSA

GHSA-8xmv-482h-9xqg: IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF)↗2022-05-24

▶

CVEList

CVE-2020-4974: IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF)↗2021-07-28

▶

💬Community

Bugzilla

CVE-2020-16008 chromium-browser: Stack buffer overflow in WebRTC↗2020-11-03

▶

Bugzilla

CVE-2020-16005 chromium-browser: Insufficient policy enforcement in ANGLE↗2020-11-03

▶

Bugzilla

CVE-2020-16004 chromium-browser: Use after free in user interface↗2020-11-03

▶

Bugzilla

CVE-2020-16009 chromium-browser: Inappropriate implementation in V8↗2020-11-03

▶

Bugzilla

CVE-2020-16006 chromium-browser: Inappropriate implementation in V8↗2020-11-03

▶