CVE-2021-29859

Summary

IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081.

Affected Software

VendorProductVersion RangeStatus
IBMCloud Pak for Business Automation18.0.0affected
IBMCloud Pak for Business Automation18.0.1affected
IBMCloud Pak for Business Automation18.0.2affected
IBMCloud Pak for Business Automation19.0.1affected
IBMCloud Pak for Business Automation19.0.2affected
IBMCloud Pak for Business Automation19.0.3affected
IBMCloud Pak for Business Automation20.0.1affected
IBMCloud Pak for Business Automation20.0.2affected
IBMCloud Pak for Business Automation20.0.3affected
IBMCloud Pak for Business Automation21.0.1affected
IBMCloud Pak for Business Automation21.0.2affected
IBMCloud Pak for Business Automation21.0.3affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References