CVE-2021-20540
2.7
CVSS:3.0/AC:L/AV:N/A:N/S:U/C:L/UI:N/PR:H/I:N/E:U/RC:C/RL:O
Summary
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Cloud Pak for Security | 1.6.0.0 | affected |
| IBM | Cloud Pak for Security | 1.5.0.1 | affected |
| IBM | Cloud Pak for Security | 1.5.0.0 | affected |
| IBM | Cloud Pak for Security | 1.6.0.1 | affected |
| IBM | Cloud Pak for Security | 1.7.0.0 | affected |
| IBM | Cloud Pak for Security | 1.7.1.0 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/6476940
- https://exchange.xforce.ibmcloud.com/vulnerabilities/198923
References
- https://www.ibm.com/support/pages/node/6476940
- https://exchange.xforce.ibmcloud.com/vulnerabilities/198923
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.