CVE-2021-20540

Summary

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923.

Affected Software

VendorProductVersion RangeStatus
IBMCloud Pak for Security1.6.0.0affected
IBMCloud Pak for Security1.5.0.1affected
IBMCloud Pak for Security1.5.0.0affected
IBMCloud Pak for Security1.6.0.1affected
IBMCloud Pak for Security1.7.0.0affected
IBMCloud Pak for Security1.7.1.0affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References