First published: Mon Oct 25 2021(Updated: )
IBM Engineering Requirements Management DOORS Next is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Engineering Lifecycle Optimization | =6.0.6 | |
IBM Engineering Lifecycle Optimization | =6.0.6.1 | |
IBM Engineering Lifecycle Optimization | =7.0 | |
IBM Engineering Requirements Quality Assistant | ||
IBM Engineering Workflow Management (EWM) | =7.0 | |
IBM Engineering Workflow Management (EWM) | =7.0.1 | |
IBM Engineering Workflow Management (EWM) | =7.0.2 | |
IBM Engineering Requirements Management DOORS Next Generation | =6.0.6 | |
IBM Engineering Requirements Management DOORS Next Generation | =6.0.6.1 | |
IBM Engineering Requirements Management DOORS Next Generation | =7.0 | |
IBM Engineering Requirements Management DOORS Next Generation | =7.0.1 | |
IBM Engineering Requirements Management DOORS Next Generation | =7.0.2 | |
IBM Engineering Lifecycle Manager | =7.0 | |
IBM Engineering Lifecycle Manager | =7.0.1 | |
IBM Engineering Lifecycle Manager | =7.0.2 | |
IBM Rational Rhapsody | ||
IBM Rational Team Concert | =6.0.2 | |
IBM Rational Team Concert | =6.0.6 | |
IBM Rational Team Concert | =6.0.6.1 | |
IBM Engineering Lifecycle Management | <=6.0.6.1 | |
IBM Engineering Lifecycle Management | <=6.0.6 | |
IBM Engineering Lifecycle Management (ELM) | <=7.0.2 | |
IBM Engineering Lifecycle Management (ELM) | <=7.0 | |
IBM Engineering Lifecycle Management (ELM) | <=7.0.1 | |
IBM Engineering Requirements Quality Assistant On-Premises | <=1.0 | |
IBM Engineering Requirements Quality Assistant | <=All | |
IBM Engineering Workflow Management (EWM) | <=7.0.2 | |
IBM Engineering Workflow Management (EWM) | <=7.0.1 | |
IBM Rational Team Concert | <=6.0.2 | |
IBM Rational Team Concert | <=6.0.6.1 | |
IBM Engineering Workflow Management (EWM) | <=7.0 | |
IBM Rational Team Concert | <=6.0.6 | |
IBM Rhapsody | <=All | |
IBM Rational DOORS Next Generation | <=7.0.2 | |
IBM Rational DOORS Next Generation | <=7.0 | |
IBM Rational DOORS Next Generation | <=7.0.1 | |
IBM Rational DOORS Next Generation | <=6.0.6.1 | |
IBM Rational DOORS Next Generation | <=6.0.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-29844.
IBM CLM versions up to and including 6.0.6.1, IBM ELM versions up to and including 7.0.2, IBM Engineering Requirements Quality Assistant version 1.0, IBM Engineering Requirements Quality Assistant On-Premises(all versions), IBM EWM versions up to and including 7.0.2, IBM RTC versions up to and including 6.0.6.1, IBM Engineeing Systems Design Rhapsody (all versions), IBM DOORS Next versions up to and including 7.0.2, and IBM RDNG versions up to and including 6.0.6.1 are affected by this vulnerability.
The severity of the CVE-2021-29844 vulnerability is rated as high with a CVSS score of 8.8.
This vulnerability may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
It is recommended to apply the latest security updates provided by IBM to fix this vulnerability. Please refer to the IBM Security Bulletin for specific information on the fixes.