CVE-2021-39016

EUVD-2021-25453
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
ibmCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/PR:L/C:N/I:L/UI:N/S:U/AC:L/A:N/AV:N/RL:O/RC:C/E:U
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
ibmengineering_lifecycle_optimization_-_publishing
6.0.6
ibmengineering_lifecycle_optimization_-_publishing
6.0.6.1
ibmengineering_lifecycle_optimization_-_publishing
7.0.1
ibmengineering_lifecycle_optimization_publishing
7.0
ibmengineering_lifecycle_optimization_publishing
7.0.2
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/213722
https://www.ibm.com/support/pages/node/6603335
https://exchange.xforce.ibmcloud.com/vulnerabilities/213722
https://www.ibm.com/support/pages/node/6603335