Vulnerability Name: CVE-2021-39016 (CCN-213722)
Assigned: 2021-08-16
Published: 2022-07-13
Updated: 2022-07-18
Summary: IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.
CVSS v3 Severity:
- 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
- 3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
- 3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
- 4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Bypass Security
References:
- Source: MITRE Type: CNA CVE-2021-39016
- Source: XF Type: UNKNOWN ibm-engineering-cve202139016-sec-bypass(213722)
- Source: XF Type: VDB Entry, Vendor Advisory ibm-engineering-cve202139016-sec-bypass (213722)
- Source: CCN Type: IBM Security Bulletin 6603335 (Engineering Lifecycle Optimization Publishing) IBM Engineering Lifecycle Optimization - Publishing is vulnerable to External Service Interaction (CVE-2021-39016)
- Source: CONFIRM Type: Patch, Vendor Advisory https://www.ibm.com/support/pages/node/6603335
Vulnerable Configuration: Configuration 1: Configuration CCN 1: