CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | LOW |
Availability Impact | NONE |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |

EPSS Percentile: 19.6%
In IBM Engineering Lifecycle Optimization - Publishing, it is possible to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains. CVE-2021-39016.
CVEID: CVE-2021-39016
**DESCRIPTION:** IBM Engineering Lifecycle Optimization - Publishing does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213722 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
PUB | 7.0.1 |
PUB | 7.0.2 |
RPE | 6.0.6 |
RPE | 6.0.6.1 |
PUB | 7.0 |
For IBM Publishing 7.0, upgrade to ifix016 or later, which can be downloaded from:
IBM Publishing 7.0 iFix016
For IBM Publishing 7.0.1, upgrade to ifix017 or later, which can be downloaded from:
IBM Publishing 7.0.1 iFix017
For IBM Publishing 7.0.2, upgrade to ifix013 or later, which can be downloaded from:
IBM Publishing 7.0.2 iFix013
For RPE 6.0.6 and 6.0.6.1, upgrade to the latest 7.0.2 iFix13 or later, which can be downloaded from: IBM Publishing 7.0.2 iFix013
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6 | cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6:*:*:*:*:*:*:* |
ibm | engineering_lifecycle_optimization_-_publishing | 6.0.6.1 | cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6.1:*:*:*:*:*:*:* |
ibm | engineering_lifecycle_optimization_-_publishing | 7.0 | cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:* |
ibm | engineering_lifecycle_optimization_-_publishing | 7.0.1 | cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:* |
ibm | engineering_lifecycle_optimization_-_publishing | 7.0.2 | cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:* |