CVE-2021-29844

8.8 HIGH

📋 TL;DR

CVE-2021-29844 is a server-side request forgery (SSRF) vulnerability in IBM Jazz Team Server products that allows authenticated attackers to make unauthorized requests from the server. This could enable network scanning, internal service enumeration, or facilitate other attacks. Organizations using affected IBM Jazz products are vulnerable.

💻 Affected Systems

Products:
  • IBM Jazz Team Server
  • IBM Engineering Lifecycle Management
  • IBM Rational Collaborative Lifecycle Management
  • IBM Rational DOORS Next
  • IBM Rational Engineering Lifecycle Manager
  • IBM Rational Team Concert
  • IBM Rational Quality Manager
Versions: 7.0, 7.0.1, 7.0.2, 6.0.6, 6.0.6.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to exploit. All deployments with affected versions are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains access to internal systems, exfiltrates sensitive data, or uses the server as a pivot point for lateral movement within the network.

🟠 Likely Case

Internal network enumeration, unauthorized access to internal services, or information disclosure about internal infrastructure.

🟢 If Mitigated

Limited impact due to network segmentation, proper authentication controls, and request filtering.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SSRF vulnerabilities are commonly exploited. While no public PoC exists, the vulnerability type is well-understood and easily weaponized by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0.2 iFix006, 6.0.6.1 iFix008, or later

Vendor Advisory: https://www.ibm.com/support/pages/node/6508583

Restart Required: Yes

Instructions:

1. Download the appropriate iFix from IBM Fix Central.
2. Stop Jazz Team Server.
3. Apply the iFix according to IBM instructions.
4. Restart Jazz Team Server.
5. Verify that the patch was applied.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict outbound network access from Jazz servers to only the services they need.

Authentication Hardening (applies to: all)

Implement strong authentication controls and limit user privileges.

🧯 If You Can't Patch

  • Implement strict network egress filtering to limit what the Jazz server can access
  • Monitor for unusual outbound requests from Jazz servers and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Check the Jazz Team Server version via the administrative console or the version.txt file. If the version is 7.0, 7.0.1, 7.0.2, 6.0.6, or 6.0.6.1 without the appropriate iFix, the system is vulnerable.

Check Version:

Check the Jazz installation directory for version.txt, or use the administrative console.

Verify Fix Applied:

Verify that the version shows iFix006 (for 7.0.2) or iFix008 (for 6.0.6.1) applied. Check the patch logs and verify that no SSRF attempts succeed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from Jazz server
  • Requests to internal IP ranges from Jazz application
  • Multiple failed authentication attempts followed by SSRF patterns

Network Indicators:

  • Jazz server making requests to unexpected internal services
  • Port scanning activity originating from Jazz server IP

SIEM Query:

source="jazz_server" AND (url="http://internal*" OR url="https://internal*") AND (method="GET" OR method="POST")
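The SIEM query above only catches hostnames that literally start with "internal". The following is an added example (not from the advisory or from IBM) that implements the log indicator described above more generally: it scans constructed outbound-request log lines from a Jazz server and flags any destination that is a private, loopback or link-local IP, a bare single-label hostname, or a common internal DNS suffix. The log format, the sample lines and the suffix list are assumptions.

```python
# Added example, not part of the advisory: flag server-initiated requests
# whose destination is internal, which is the SSRF log indicator described
# above. The log line format "<time> <user> <method> <url>" is constructed.
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample egress log of requests made by the Jazz server.
SAMPLE_LOG = """\
2021-06-01T10:00:01Z alice GET https://dvcs.example.com/api/repos
2021-06-01T10:00:07Z bob GET http://10.0.3.15:8080/admin
2021-06-01T10:00:09Z bob GET http://169.254.169.254/latest/meta-data/
2021-06-01T10:00:12Z bob GET http://localhost:9443/ccm/
2021-06-01T10:00:15Z carol POST https://issues.example.com/hooks
2021-06-01T10:00:20Z bob GET http://intranet-wiki/
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT|DELETE|HEAD) (\S+)$")

# Assumed internal DNS suffixes; adjust to the environment's own zones.
INTERNAL_SUFFIXES = (".local", ".internal", ".lan")


def is_internal_destination(url: str) -> bool:
    """True if the URL's host is a private/loopback/link-local/reserved IP,
    a single-label hostname (e.g. "localhost", "intranet-wiki") or carries an
    internal suffix. Hostnames are not resolved, so DNS-based evasion is
    out of scope for this check."""
    host = urlsplit(url).hostname
    if not host:
        return True  # unparsable destination: treat as suspicious
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved
    except ValueError:
        pass  # not an IP literal; fall through to hostname rules
    if "." not in host:
        return True
    return host.endswith(INTERNAL_SUFFIXES)


def flag_ssrf_candidates(log_text: str):
    """Return (timestamp, user, method, url) for every internal destination."""
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, user, method, url = m.groups()
        if is_internal_destination(url):
            flagged.append((ts, user, method, url))
    return flagged


if __name__ == "__main__":
    for hit in flag_ssrf_candidates(SAMPLE_LOG):
        print("INTERNAL DESTINATION:", *hit)
```

Grouping the flagged rows by user (here all four hits belong to "bob") is a useful second step, since a single account driving many internal destinations in a short window is the pattern worth alerting on.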
