Lucene search

IbmCVELIST:CVE-2021-29767

HistoryJul 26, 2021 - 12:10 p.m.

CVE-2021-29767

2021-07-2612:10:42

ibm

www.cve.org

ibm

i2 analyst's notebook

premium

remote attacker

sensitive information

technical error

browser

further attacks

system security

vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

AI Score

Confidence

High

EPSS

0.001

Percentile

42.4%

JSON

IBM i2 Analyst’s Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681.

CNA Affected

[
  {
    "product": "i2 Analyst's Notebook Premium",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "9.2.0"
      },
      {
        "status": "affected",
        "version": "9.2.1"
      },
      {
        "status": "affected",
        "version": "9.2.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/202681

www.ibm.com/support/pages/node/6474885

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

AI Score

Confidence

High

EPSS

0.001

Percentile

42.4%

JSON

Related for CVELIST:CVE-2021-29767