IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/214441 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/6562479 | Vendor Advisory |
Configurations
History
22 Mar 2022, 12:18
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:ibm:spectrum_copy_data_management:*:*:*:*:*:*:*:* | |
| CWE | CWE-918 | |
| First Time |
Ibm spectrum Copy Data Management
Ibm |
|
| CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 6.5 |
| References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/214441 - VDB Entry, Vendor Advisory | |
| References | (CONFIRM) https://www.ibm.com/support/pages/node/6562479 - Vendor Advisory |
14 Mar 2022, 17:18
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-03-14 17:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-39051
Mitre link : CVE-2021-39051
CVE.ORG link : CVE-2021-39051
JSON object : View
Products Affected
ibm
- spectrum_copy_data_management
CWE
CWE-918
Server-Side Request Forgery (SSRF)