Lucene search
IBM22A4CFBC97A4798B57714C63DB1D0661837C63156B2E9CD03BA5914925C6005AHistoryAug 12, 2021 - 1:54 p.m.
Security Bulletin: Vulnerability in self-service console affects IBM Cloud Pak System (CVE-2021-20478)
2021-08-1213:54:09
www.ibm.com
13
ibm cloud pak system
self-service console
vulnerability
local user
upgrade
fixed release
EPSS
0
Percentile
5.1%
Summary
Vulnerability in self-sevice console affects IBM Cloud Pak System. IBM Cloud Pak System has addressed this vulnerability.
Vulnerability Details
CVEID:CVE-2021-20478
**DESCRIPTION:**IBM Cloud Pak System could allow a local user in some situations to view the artifacts of another user in self service console.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197497 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Pak System | V2.3.3.0 - V2.3.3.3 |
Remediation/Fixes
For unsupported release(s), recommendation is to upgrade to a supported fixed release of the product.
- For IBM Cloud Pak System V2.3.3.1, V2.3.3.2, upgrade to IBM Cloud Pak System V2.3.3.3, and apply IBM Cloud Pak System V2.3.3.3 Interim Fix 1 from Fix Central.
- For IBM Cloud Pak System V2.3.3.3, apply IBM Cloud Pak System V2.3.3.3 Interim Fix 1 from Fix Central.
Information on upgrading here: http://www.ibm.com/support/docview.wss?uid=ibm10887959.
Workarounds and Mitigations
None
Related
cvelist
cvelist
CVE-2021-20478
2021-07-20 17:10:14
nvd
nvd
CVE-2021-20478
2021-07-20 17:15:07
prion
prion
Code injection
2021-07-20 17:15:00
cve
cve
CVE-2021-20478
2021-07-20 17:15:07