cvelist/2021/39xxx/CVE-2021-39016.json

{
    "data_format": "MITRE",
    "data_type": "CVE",
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "value": "Bypass Security",
                        "lang": "eng"
                    }
                ]
            }
        ]
    },
    "CVE_data_meta": {
        "ID": "CVE-2021-39016",
        "STATE": "PUBLIC",
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2022-07-13T00:00:00"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "6.0.6"
                                        },
                                        {
                                            "version_value": "6.0.6.1"
                                        },
                                        {
                                            "version_value": "7.0"
                                        },
                                        {
                                            "version_value": "7.0.1"
                                        },
                                        {
                                            "version_value": "7.0.2"
                                        }
                                    ]
                                },
                                "product_name": "Engineering Lifecycle Optimization Publishing"
                            }
                        ]
                    },
                    "vendor_name": "IBM"
                }
            ]
        }
    },
    "data_version": "4.0",
    "impact": {
        "cvssv3": {
            "BM": {
                "PR": "L",
                "C": "N",
                "I": "L",
                "UI": "N",
                "SCORE": "4.300",
                "S": "U",
                "AC": "L",
                "A": "N",
                "AV": "N"
            },
            "TM": {
                "RL": "O",
                "RC": "C",
                "E": "U"
            }
        }
    },
    "description": {
        "description_data": [
            {
                "value": "IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.",
                "lang": "eng"
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "title": "IBM Security Bulletin 6603335 (Engineering Lifecycle Optimization Publishing)",
                "name": "https://www.ibm.com/support/pages/node/6603335",
                "url": "https://www.ibm.com/support/pages/node/6603335",
                "refsource": "CONFIRM"
            },
            {
                "name": "ibm-engineering-cve202139016-sec-bypass (213722)",
                "title": "X-Force Vulnerability Report",
                "refsource": "XF",
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213722"
            }
        ]
    }
}