CVE-2021-20345 : What You Need to Know

Learn about CVE-2021-20345 affecting IBM Jazz Foundation & Engineering products. Understand the impact, affected versions, and mitigation steps for this SSRF vulnerability.

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF), potentially leading to network enumeration or other attacks.

Understanding CVE-2021-20345

This CVE affects several IBM products through an SSRF vulnerability.

What is CVE-2021-20345?

IBM Jazz Foundation and IBM Engineering products are susceptible to SSRF, allowing authenticated attackers to send unauthorized requests.

The Impact of CVE-2021-20345

The vulnerability can lead to network enumeration or enable further malicious activities.

Technical Details of CVE-2021-20345

The CVSS 3.0 base score for this vulnerability is 5.4 (Medium severity), with an attack vector of NETWORK.

Vulnerability Description

IBM Engineering products are affected by an SSRF vulnerability, tracked as IBM X-Force ID 194594.

Affected Systems and Versions

        Rational Rhapsody Model Manager (6.0.6, 6.0.6.1, 7.0)
        Rational Quality Manager (6.0.6, 6.0.6.1)
        Engineering Test Management (7.0.0, 7.0.1)
        Rational DOORS Next Generation (6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2)
        Rational Engineering Lifecycle Manager (6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2)
        Rational Collaborative Lifecycle Management (6.0.6, 6.0.6.1)
        Engineering Lifecycle Optimization (7.0, 7.0.1, 7.0.2)

Exploitation Mechanism

An authenticated attacker can use the SSRF flaw to make the affected server send unauthorized requests, which can lead to network enumeration or facilitate other attacks.

Mitigation and Prevention

It is crucial to take immediate steps to secure the affected IBM products against CVE-2021-20345.

Immediate Steps to Take

        Apply official fixes provided by IBM to mitigate the vulnerability.

Long-Term Security Practices

        Regularly update and patch the affected systems to protect against known vulnerabilities.

Patching and Updates

        Monitor IBM's security bulletins and apply patches as they become available to maintain system security.
