Medium Severity

Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains.(CVE-2021-20544)

Share this post:

Summary guidance: External service interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server. The ability to trigger arbitrary external service interactions does not constitute a vulnerability in its own right, and in some cases might even be the intended behaviour of the application. However, in many cases, it can indicate a vulnerability.

CVE(s): CVE-2021-20544

Affected product(s) and affected version(s):

Affected Products/Versions guidance:

Affected Product(s) Version(s)
Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6597513
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198931

More stories

Security Bulletin: Vulnerability in the Node.js got module affects IBM Event Streams (CVE-2022-33987)

August 10, 2022 | Medium Severity

This security vulnerability affects the Node.js got module that is used by IBM Event Streams. ...read more


Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote access due to Go CVE-2022-29526

August 10, 2022 | Medium Severity

Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote access due to Go CVE-2022-29526 with details below ...read more


Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to urllib package in Python3 (CVE-2022-0391)

August 9, 2022 | Medium Severity

IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to improper input validation by the urllib.parse module from Python3. Vulnerability is addressed by upgrading Pytthon to version 3.9.7. ...read more