PT-2022-10866 · IBM · IBM Spectrum Copy Data Management

Published: 2022-03-14 · Updated: 2022-03-22 · CVE-2021-39051

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.14.3

Description: The issue is caused by improper handling of input to the application server registration function, leading to server-side request forgery (SSRF). A remote attacker could exploit this using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services running on those hosts.

Recommendations: For versions 2.2.0.0 through 2.2.14.3, update to a version that fixes the input handling in the application server registration function and so prevents server-side request forgery. As a temporary workaround, consider restricting access to the application server registration form in the portal UI to minimize the risk of exploitation.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2021-39051

Affected Products

IBM Spectrum Copy Data Management