Vulnerability Description
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Engineering Lifecycle Optimization | 6.0.6 |
| Ibm | Engineering Requirements Quality Assistant On-Premises | - |
| Ibm | Engineering Workflow Management | 7.0 |
| Ibm | Rational Doors Next Generation | 6.0.6 |
| Ibm | Rational Engineering Lifecycle Manager | 7.0 |
| Ibm | Rational Rhapsody Design Manager | - |
| Ibm | Rational Team Concert | 6.0.2 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/205205VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6508583PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/205205VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6508583PatchVendor Advisory
FAQ
What is CVE-2021-29844?
CVE-2021-29844 is a vulnerability with a CVSS score of 8.8 (HIGH). IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to networ...
How severe is CVE-2021-29844?
CVE-2021-29844 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-29844?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Engineering Lifecycle Optimization, Ibm Engineering Requirements Quality Assistant On-Premises, Ibm Engineering Workflow Management, Ibm Rational Doors Next Generation, Ibm Rational Engineering Lifecycle Manager.