How severe is CVE-2020-4974?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Ibm Engineering Lifecycle Optimization

CVE-2020-4974

IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other att…

EPSS: 0.002 (37.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.0/A:L/UI:N/C:L/AV:N/PR:L/I:L/AC:L/S:U/RC:C/E:U/RL:O.

Affected products

Ibm Engineering Lifecycle Optimization — versions 7.0, 7.0.1, 7.0.2
Ibm Engineering Test Management — versions 7.0.0, 7.0.1, 7.0.2
Ibm Engineering Workflow Management — versions 7.0, 7.0.1, 7.0.2
Ibm Rational Collaborative Lifecycle Management — versions 6.0.2, 6.0.6, 6.0.6.1
Ibm Rational Doors Next Generation — versions 6.0.6, 6.0.6.1, 7.0
Ibm Rational Engineering Lifecycle Manager — versions 6.0.2, 6.0.6, 6.0.6.1
Ibm Rational Quality Manager — versions 6.0.6, 6.0.6.1
Ibm Rational Team Concert — versions 6.0.6, 6.0.6.1

References

www.ibm.com/support/pages/node/6475919 (x_refsource_CONFIRM)
ibm-jazz-cve20204974-ssrf (192434) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2020-4974?: CVE-2020-4974 is a medium-severity vulnerability in Ibm Engineering Lifecycle Optimization. CVSS score: 6.3/10. Published 2021-07-28.
How severe is CVE-2020-4974?: Medium severity. CVSS v3 base score is 6.3 out of 10.