Sign-up

ID

VAR-202206-2161


CVE

CVE-2021-38879


TITLE

IBM Jazz Team Server  Vulnerability in improper permission assignment for critical resources in

Trust: 0.8

sources: JVNDB: JVNDB-2022-014688

DESCRIPTION

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057. Vendors may IBM X-Force ID: 209057 It is published as.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-38879 // JVNDB: JVNDB-2022-014688 // VULMON: CVE-2021-38879

AFFECTED PRODUCTS

vendor:ibmmodel:jazz team serverscope:eqversion:7.0.2

Trust: 1.8

vendor:ibmmodel:jazz team serverscope:eqversion:6.0.6

Trust: 1.8

vendor:ibmmodel:jazz team serverscope:eqversion:7.0

Trust: 1.8

vendor:ibmmodel:jazz team serverscope:eqversion:7.0.1

Trust: 1.8

vendor:ibmmodel:jazz team serverscope:eqversion:6.0.6.1

Trust: 1.8

vendor:ibmmodel:jazz team serverscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-014688 // NVD: CVE-2021-38879

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-38879
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2021-38879
value: LOW

Trust: 1.0

NVD: CVE-2021-38879
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202206-2489
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-38879
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-38879
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-38879
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

psirt@us.ibm.com: CVE-2021-38879
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2021-38879
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-38879 // JVNDB: JVNDB-2022-014688 // CNNVD: CNNVD-202206-2489 // NVD: CVE-2021-38879 // NVD: CVE-2021-38879

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype:Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-014688 // NVD: CVE-2021-38879

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2489

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-2489

PATCH

title:6597501 IBM X-Force Exchangeurl:https://www.ibm.com/support/pages/node/6597501

Trust: 0.8

title:IBM Jazz Team Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198508

Trust: 0.6

sources: JVNDB: JVNDB-2022-014688 // CNNVD: CNNVD-202206-2489

EXTERNAL IDS

db:NVDid:CVE-2021-38879

Trust: 3.3

db:JVNDBid:JVNDB-2022-014688

Trust: 0.8

db:CNNVDid:CNNVD-202206-2489

Trust: 0.6

db:VULMONid:CVE-2021-38879

Trust: 0.1

sources: VULMON: CVE-2021-38879 // JVNDB: JVNDB-2022-014688 // CNNVD: CNNVD-202206-2489 // NVD: CVE-2021-38879

REFERENCES

url:https://www.ibm.com/support/pages/node/6597501

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/209057

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-38879

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-38879/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/668.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-38879 // JVNDB: JVNDB-2022-014688 // CNNVD: CNNVD-202206-2489 // NVD: CVE-2021-38879

SOURCES

db:VULMONid:CVE-2021-38879
db:JVNDBid:JVNDB-2022-014688
db:CNNVDid:CNNVD-202206-2489
db:NVDid:CVE-2021-38879

LAST UPDATE DATE

2024-08-14T14:31:08.648000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-38879date:2022-06-30T00:00:00
db:JVNDBid:JVNDB-2022-014688date:2023-09-21T04:59:00
db:CNNVDid:CNNVD-202206-2489date:2022-07-15T00:00:00
db:NVDid:CVE-2021-38879date:2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-38879date:2022-06-24T00:00:00
db:JVNDBid:JVNDB-2022-014688date:2023-09-21T00:00:00
db:CNNVDid:CNNVD-202206-2489date:2022-06-24T00:00:00
db:NVDid:CVE-2021-38879date:2022-06-24T17:15:08.280