CVE-2021-39051

CWE-918Server-Side Request Forgery (SSRF)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 69.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Spectrum Copy Data Management
Timeline
PublishedMar 14
Latest updateMar 15

Description

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

NVDibm/spectrum_copy_data_management2.2.0.02.2.15.0
CVEListV5ibm/spectrum_copy_data_management2.2.0.0, 2.2.14.3+1

🔴Vulnerability Details

2
GHSA
GHSA-3xxr-729f-x6v9: IBM Spectrum Copy Data Management 22022-03-15
CVEList
CVE-2021-39051: IBM Spectrum Copy Data Management 22022-03-14