ID

VAR-202110-1421


CVE

CVE-2021-29844


TITLE

IBM Engineering Requirements Management DOORS Next Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202110-1796

DESCRIPTION

IBM Jazz Team Server products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Trust: 1.0

sources: NVD: CVE-2021-29844

AFFECTED PRODUCTS

vendor: ibm | model: rational doors next generation | scope: eq | version: 7.0.1

Trust: 1.0

vendor: ibm | model: rational team concert | scope: eq | version: 6.0.6.1

Trust: 1.0

vendor: ibm | model: engineering lifecycle optimization | scope: eq | version: 7.0

Trust: 1.0

vendor: ibm | model: rational team concert | scope: eq | version: 6.0.6

Trust: 1.0

vendor: ibm | model: engineering workflow management | scope: eq | version: 7.0

Trust: 1.0

vendor: ibm | model: rational engineering lifecycle manager | scope: eq | version: 7.0.2

Trust: 1.0

vendor: ibm | model: rational doors next generation | scope: eq | version: 7.0.2

Trust: 1.0

vendor: ibm | model: rational doors next generation | scope: eq | version: 6.0.6.1

Trust: 1.0

vendor: ibm | model: engineering workflow management | scope: eq | version: 7.0.1

Trust: 1.0

vendor: ibm | model: rational doors next generation | scope: eq | version: 6.0.6

Trust: 1.0

vendor: ibm | model: engineering lifecycle optimization | scope: eq | version: 6.0.6.1

Trust: 1.0

vendor: ibm | model: engineering requirements quality assistant on-premises | scope: eq | version: -

Trust: 1.0

vendor: ibm | model: rational team concert | scope: eq | version: 6.0.2

Trust: 1.0

vendor: ibm | model: engineering workflow management | scope: eq | version: 7.0.2

Trust: 1.0

vendor: ibm | model: rational rhapsody design manager | scope: eq | version: -

Trust: 1.0

vendor: ibm | model: rational engineering lifecycle manager | scope: eq | version: 7.0

Trust: 1.0

vendor: ibm | model: rational doors next generation | scope: eq | version: 7.0

Trust: 1.0

vendor: ibm | model: engineering lifecycle optimization | scope: eq | version: 6.0.6

Trust: 1.0

vendor: ibm | model: rational engineering lifecycle manager | scope: eq | version: 7.0.1

Trust: 1.0

sources: NVD: CVE-2021-29844

CVSS

SEVERITY

NVD: CVE-2021-29844
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202110-1796
value: HIGH

Trust: 0.6

CVSSV2

NVD: CVE-2021-29844
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

CVSSV3

NVD: CVE-2021-29844
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202110-1796 // NVD: CVE-2021-29844

PROBLEMTYPE DATA

problemtype: CWE-918

Trust: 1.0

sources: NVD: CVE-2021-29844

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1796

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202110-1796

CONFIGURATIONS

sources: NVD: CVE-2021-29844

PATCH

title: IBM Engineering Requirements Management DOORS Next Fixes for code issue vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=168883

Trust: 0.6

sources: CNNVD: CNNVD-202110-1796

EXTERNAL IDS

db: NVD | id: CVE-2021-29844

Trust: 1.6

db: CNNVD | id: CNNVD-202110-1796

Trust: 0.6

sources: CNNVD: CNNVD-202110-1796 // NVD: CVE-2021-29844

REFERENCES

url: https://www.ibm.com/support/pages/node/6508583

Trust: 2.2

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/205205

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-29844

Trust: 0.6

sources: CNNVD: CNNVD-202110-1796 // NVD: CVE-2021-29844

SOURCES

db: CNNVD | id: CNNVD-202110-1796
db: NVD | id: CVE-2021-29844

LAST UPDATE DATE

2022-05-04T08:51:56.064000+00:00


SOURCES UPDATE DATE

db: CNNVD | id: CNNVD-202110-1796 | date: 2021-11-08T00:00:00
db: NVD | id: CVE-2021-29844 | date: 2021-11-02T15:10:00

SOURCES RELEASE DATE

db: CNNVD | id: CNNVD-202110-1796 | date: 2021-10-25T00:00:00
db: NVD | id: CVE-2021-29844 | date: 2021-10-27T16:15:00