CVE-2021-39016
First published: Fri Jul 08 2022(Updated: )
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Pub | <=7.0.1 | |
| IBM Pub | <=7.0.2 | |
| IBM Rational Publishing Engine (RPE) | <=6.0.6 | |
| IBM Rational Publishing Engine (RPE) | <=6.0.6.1 | |
| IBM Pub | <=7.0 | |
| All of | ||
| Any of | ||
| IBM Engineering Lifecycle Optimization | =6.0.6 | |
| IBM Engineering Lifecycle Optimization | =6.0.6.1 | |
| IBM Engineering Lifecycle Optimization | =7.0.1 | |
| IBM Engineering Lifecycle Optimization | =7.0 | |
| IBM Engineering Lifecycle Optimization | =7.0.2 | |
| Any of | ||
| Linux Kernel | ||
| Microsoft Windows Operating System | ||
| IBM Engineering Lifecycle Optimization | =6.0.6 | |
| IBM Engineering Lifecycle Optimization | =6.0.6.1 | |
| IBM Engineering Lifecycle Optimization | =7.0 | |
| IBM Engineering Lifecycle Optimization | =7.0.1 | |
| IBM Engineering Lifecycle Optimization | =7.0.2 | |
| Linux Kernel | ||
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-39016.
Which software versions are affected by this vulnerability?
IBM Engineering Lifecycle Optimization - Publishing versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 are affected.
What is the severity of CVE-2021-39016?
The severity of CVE-2021-39016 is medium with a score of 4.3.
What is the IBM X-Force ID associated with this vulnerability?
The IBM X-Force ID associated with this vulnerability is 213722.
How can I fix this vulnerability?
To fix this vulnerability, update IBM Engineering Lifecycle Optimization - Publishing to a version that is not affected, such as 7.0.2.
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/trending
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/source
- agent/event
- collector/nvd-api
- source/NVD
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/ibm
- canonical/ibm pub
- version/ibm pub/7.0.1
- version/ibm pub/7.0.2
- canonical/ibm rational publishing engine (rpe)
- version/ibm rational publishing engine (rpe)/6.0.6
- version/ibm rational publishing engine (rpe)/6.0.6.1
- version/ibm pub/7.0
- canonical/ibm engineering lifecycle optimization
- version/ibm engineering lifecycle optimization/6.0.6
- version/ibm engineering lifecycle optimization/6.0.6.1
- version/ibm engineering lifecycle optimization/7.0.1
- version/ibm engineering lifecycle optimization/7.0
- version/ibm engineering lifecycle optimization/7.0.2
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows operating system