CVE-2021-39051
Description
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to SSRF via improper input validation in the application server registration function, allowing remote attackers to enumerate and attack internal services.
Vulnerability
IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.14.3 are vulnerable to server-side request forgery (SSRF) due to improper input validation in the application server registration function. The host address and port fields in the portal UI registration form fail to sanitize user input, enabling an attacker to manipulate the server into making requests to arbitrary hosts [1].
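The kind of server-side check the paragraph above says is missing, as an added example (not IBM's code and not the vendor fix). Application servers normally sit on internal networks, so it allowlists operator-defined networks and ports rather than blocking private ranges; `ALLOWED_NETS`, `ALLOWED_PORTS`, and the function names are hypothetical.

```python
import ipaddress
import socket

# Assumed operator policy (hypothetical values): where application servers may live
# and which service ports a registration may target.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
ALLOWED_PORTS = {22, 1433, 1521, 5985}

def _system_resolver(host):
    """Return every address the name resolves to, via the OS resolver."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)})

def validate_registration(host, port, resolver=_system_resolver):
    """Return (ip, port) to connect to, or raise ValueError.

    The caller must connect to the returned IP, not re-resolve the name,
    so a second DNS answer cannot redirect the request.
    """
    try:
        port = int(str(port).strip())
    except ValueError:
        raise ValueError("port is not an integer")
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port {port} not in allowlist")
    host = str(host).strip().rstrip(".")
    if not host or any(c in host for c in "/@?#\\ \t\r\n"):
        raise ValueError("host contains URL or whitespace characters")
    try:
        addrs = [ipaddress.ip_address(host)]      # literal IP: no DNS lookup
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (OSError, ValueError):
            raise ValueError("host does not resolve")
    if not addrs:
        raise ValueError("host does not resolve")
    for ip in addrs:
        # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) before any range check.
        ip = getattr(ip, "ipv4_mapped", None) or ip
        if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
            raise ValueError(f"{ip} is a reserved address")
        if not any(ip in net for net in ALLOWED_NETS):
            raise ValueError(f"{ip} outside registered server networks")
    first = addrs[0]
    return str(getattr(first, "ipv4_mapped", None) or first), port
```

A name that resolves to several addresses is rejected if any one of them falls outside policy, which closes the mixed-answer DNS case.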
Exploitation
An unauthenticated remote attacker with network access to the portal UI can exploit the vulnerability by supplying crafted values in the host and port fields of the application server registration form. This can lead to the server sending HTTP requests to attacker-specified targets, potentially reaching internal systems that are otherwise not directly accessible from the internet [1].
Impact
Successful exploitation allows the attacker to scan internal networks for open ports, identify running services, and interact with those services as if originating from the vulnerable server. This can result in information disclosure, escalation of attacks against internal systems, or further compromise of the environment [1].
Mitigation
IBM has released a security bulletin addressing this vulnerability. Users should upgrade to a fixed version as specified in the bulletin [1]. No workaround is currently available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 2.2.0.0 - 2.2.14.3
- IBM/Spectrum Copy Data Management (v5), Range: 2.2.0.0
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/214441 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6562479 (mitre, x_refsource_CONFIRM)