April 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2022-36127 – Apache SkyWalking NodeJS Agent Vulnerability
July 20, 2022Rewterz Threat Advisory –Multiple IBM Sterling Partner Engagement Manager Vulnerabilities
July 20, 2022Rewterz Threat Advisory – CVE-2022-36127 – Apache SkyWalking NodeJS Agent Vulnerability
July 20, 2022Rewterz Threat Advisory –Multiple IBM Sterling Partner Engagement Manager Vulnerabilities
July 20, 2022
Severity
Medium
Analysis Summary
CVE-2021-39018 CVSS:4.3
IBM Engineering Lifecycle Optimization – Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system.
CVE-2021-39017 CVSS:5,7
IBM Engineering Lifecycle Optimization – Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls.
Impact
- Information Disclosure
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2021-39018
- CVE-2021-39017
Affected Vendors
IBM
Affected Products
- IBM Engineering Lifecycle Optimization Publishing 6.0.6
- IBM Engineering Lifecycle Optimization Publishing 6.0.6.1
- IBM Engineering Lifecycle Optimization Publishing 7.0
- IBM Engineering Lifecycle Optimization Publishing 7.0.1
- IBM Engineering Lifecycle Optimization Publishing 7.0.2
Remediation
Refer to IBM Security Bulletin for patch, upgrade or suggested workaround information.
IBM Security Bulletin
