Lucene search

IbmCVELIST:CVE-2021-20565

HistoryMay 14, 2021 - 4:15 p.m.

CVE-2021-20565

2021-05-1416:15:38

ibm

www.cve.org

ibm cloud pak

security vulnerability

input protection mechanism

CVSS3

4.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

25.4%

JSON

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 199236.

CNA Affected

[
  {
    "product": "Cloud Pak for Security",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "1.4.0.0"
      },
      {
        "status": "affected",
        "version": "1.6.0.0"
      },
      {
        "status": "affected",
        "version": "1.5.0.1"
      },
      {
        "status": "affected",
        "version": "1.5.0.0"
      },
      {
        "status": "affected",
        "version": "1.6.0.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/199236

www.ibm.com/support/pages/node/6453115

CVSS3

4.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

25.4%

JSON

Related for CVELIST:CVE-2021-20565