CVE-2021-39051
MEDIUMIBM Spectrum Copy Data Management 2.2.0.0-2.2.14.3 - Server-Side Request Forgery via Application Server Registration
Title source: llmDescription
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6562479
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/214441
Scores
CVSS v3
6.5
EPSS
0.0012
EPSS Percentile
30.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-918
Status
published
Products (1)
ibm/spectrum_copy_data_management
2.2.0.0 - 2.2.15.0
Published
Mar 14, 2022
Tracked Since
Feb 18, 2026