First published: Fri Mar 11 2022
IBM Spectrum Copy Data Management is vulnerable to server-side request forgery, caused by improper input of the application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Spectrum Copy Data Management | >=2.2.0.0 <2.2.15.0 | |
IBM Spectrum Copy Data Management | <=2.2.0.0-2.2.14.3 | |
The vulnerability ID for this vulnerability is CVE-2021-39051.
The severity of CVE-2021-39051 is medium with a CVSS score of 6.5.
The affected software for CVE-2021-39051 is IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.14.3.
CVE-2021-39051 is a vulnerability in IBM Spectrum Copy Data Management that allows for server-side request forgery due to improper input of the application server registration function.
A remote attacker can exploit CVE-2021-39051 by using the host address and port fields of the application server registration to perform server-side request forgery.