CVE-2021-39051 MEDIUM

CVE-2021-39051

Vendor Ibm
Product Spectrum Copy Data Management
Published March 14, 2022
Last update September 16, 2024

CVSS base score

4.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/S:U/AC:H/UI:N/I:L/PR:N/A:N/C:L/RC:C/RL:O/E:U

What the vulnerability does

01Description

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441.

Key dates

02Disclosure timeline

March 14, 2022 CVE published
September 16, 2024 Record updated