ByteOS Network

NVD Vulnerability Details :

CVE-2021-39052

Analyzed

Source-psirt@us.ibm.com

Published At-13 Dec, 2021 | 18:15

Updated At-12 Jul, 2022 | 17:42

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.0	5.6	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.0

Base score: 5.6

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

IBM Corporation

>>spectrum_copy_data_management>>Versions up to 2.2.13(inclusive)

cpe:2.3:a:ibm:spectrum_copy_data_management:*:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>-

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/214523	psirt@us.ibm.com	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6525554	psirt@us.ibm.com	Patch Vendor Advisory

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/214523

Source: psirt@us.ibm.com

Resource:

VDB Entry

Vendor Advisory

Hyperlink: https://www.ibm.com/support/pages/node/6525554

Source: psirt@us.ibm.com

Resource:

Patch

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History