{"cve":{"cve_id":"CVE-2020-4974","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00598,"epss_percentile":0.43985,"epss_as_of":"2026-06-23","description":"IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.","published_at":"2021-07-28T12:25:11.431000Z","last_modified_at":null,"cvss_v3_score":6.3,"cvss_v3_vector":"CVSS:3.0/A:L/UI:N/C:L/AV:N/PR:L/I:L/AC:L/S:U/RC:C/E:U/RL:O","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":null,"nvd_references":["https://www.ibm.com/support/pages/node/6475919","https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:14:24.437790Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.0","metrics":[{"metric":"A","name":"Availability","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"RC","name":"RC","value":"C","value_label":"Changed"},{"metric":"E","name":"E","value":"U","value_label":"Unchanged"},{"metric":"RL","name":"RL","value":"O","value_label":"O"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"engineering-lifecycle-optimization","product_name":"Engineering Lifecycle Optimization","version_start":"7.0.2","version_start_inclusive":true,"version_end":"7.0.2","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:engineering-lifecycle-optimization:7.0.2:7.0.2"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"engineering-lifecycle-optimization","product_name":"Engineering Lifecycle Optimization","version_start":"7.0.1","version_start_inclusive":true,"version_end":"7.0.1","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:engineering-lifecycle-optimization:7.0.1:7.0.1"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"engineering-lifecycle-optimization","product_name":"Engineering Lifecycle Optimization","version_start":"7.0","version_start_inclusive":true,"version_end":"7.0","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:engineering-lifecycle-optimization:7.0:7.0"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"engineering-test-management","product_name":"Engineering Test Management","version_start":"7.0.0","version_start_inclusive":true,"version_end":"7.0.0","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:engineering-test-management:7.0.0:7.0.0"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"engineering-test-management","product_name":"Engineering Test Management","version_start":"7.0.1","version_start_inclusive":true,"version_end":"7.0.1","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:engineering-test-management:7.0.1:7.0.1"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"engineering-test-management","product_name":"Engineering Test Management","version_start":"7.0.2","version_start_inclusive":true,"version_end":"7.0.2","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:engineering-test-management:7.0.2:7.0.2"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"engineering-workflow-management","product_name":"engineering_workflow_management","version_start":"7.0.2","version_start_inclusive":true,"version_end":"7.0.2","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:engineering-workflow-management:7.0.2:7.0.2"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"engineering-workflow-management","product_name":"engineering_workflow_management","version_start":"7.0.1","version_start_inclusive":true,"version_end":"7.0.1","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:engineering-workflow-management:7.0.1:7.0.1"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"engineering-workflow-management","product_name":"engineering_workflow_management","version_start":"7.0","version_start_inclusive":true,"version_end":"7.0","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:engineering-workflow-management:7.0:7.0"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-collaborative-lifecycle-management","product_name":"Rational Collaborative Lifecycle Management","version_start":"6.0.2","version_start_inclusive":true,"version_end":"6.0.2","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-collaborative-lifecycle-management:6.0.2:6.0.2"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-collaborative-lifecycle-management","product_name":"Rational Collaborative Lifecycle Management","version_start":"6.0.6","version_start_inclusive":true,"version_end":"6.0.6","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-collaborative-lifecycle-management:6.0.6:6.0.6"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-collaborative-lifecycle-management","product_name":"Rational Collaborative Lifecycle Management","version_start":"6.0.6.1","version_start_inclusive":true,"version_end":"6.0.6.1","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-collaborative-lifecycle-management:6.0.6.1:6.0.6.1"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-doors-next-generation","product_name":"Rational DOORS Next Generation","version_start":"7.0","version_start_inclusive":true,"version_end":"7.0","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-doors-next-generation:7.0:7.0"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-doors-next-generation","product_name":"Rational DOORS Next Generation","version_start":"6.0.6.1","version_start_inclusive":true,"version_end":"6.0.6.1","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-doors-next-generation:6.0.6.1:6.0.6.1"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-doors-next-generation","product_name":"Rational DOORS Next Generation","version_start":"6.0.6","version_start_inclusive":true,"version_end":"6.0.6","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-doors-next-generation:6.0.6:6.0.6"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-doors-next-generation","product_name":"Rational DOORS Next Generation","version_start":"7.0.1","version_start_inclusive":true,"version_end":"7.0.1","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-doors-next-generation:7.0.1:7.0.1"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-doors-next-generation","product_name":"Rational DOORS Next Generation","version_start":"7.0.2","version_start_inclusive":true,"version_end":"7.0.2","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-doors-next-generation:7.0.2:7.0.2"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-engineering-lifecycle-manager","product_name":"Rational Engineering Lifecycle Manager","version_start":"6.0.6","version_start_inclusive":true,"version_end":"6.0.6","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-engineering-lifecycle-manager:6.0.6:6.0.6"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-engineering-lifecycle-manager","product_name":"Rational Engineering Lifecycle Manager","version_start":"6.0.6.1","version_start_inclusive":true,"version_end":"6.0.6.1","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-engineering-lifecycle-manager:6.0.6.1:6.0.6.1"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-engineering-lifecycle-manager","product_name":"Rational Engineering Lifecycle Manager","version_start":"6.0.2","version_start_inclusive":true,"version_end":"6.0.2","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-engineering-lifecycle-manager:6.0.2:6.0.2"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-quality-manager","product_name":"Rational Quality Manager","version_start":"6.0.6.1","version_start_inclusive":true,"version_end":"6.0.6.1","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-quality-manager:6.0.6.1:6.0.6.1"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-quality-manager","product_name":"Rational Quality Manager","version_start":"6.0.6","version_start_inclusive":true,"version_end":"6.0.6","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-quality-manager:6.0.6:6.0.6"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-team-concert","product_name":"Rational Team Concert","version_start":"6.0.6","version_start_inclusive":true,"version_end":"6.0.6","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-team-concert:6.0.6:6.0.6"},{"vendor_slug":"ibm","vendor_name":"ibm","product_slug":"rational-team-concert","product_name":"Rational Team Concert","version_start":"6.0.6.1","version_start_inclusive":true,"version_end":"6.0.6.1","version_end_inclusive":true,"cpe23_uri":"cve5:ibm:rational-team-concert:6.0.6.1:6.0.6.1"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.ibm.com/support/pages/node/6475919","source_type":"MISC","tags":[]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/192434","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2021-07-28T12:25:11.431000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:04:06.424325Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:04:06.424325Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:04:06.424325Z","label":"CVSS score revised","source":"cvelistv5"}]}