Cross-Origin Resource Sharing (CORS) vulnerability in IBM Spectrum Protect Plus may allow privileged actions and retrieval of sensitive information.
CVEID:CVE-2021-20432
**DESCRIPTION:**IBM Spectrum Protect Plus uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196344 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Plus | 10.1.0-10.1.7 |
IBM Spectrum Protect Plus Release | First Fixing VRM Level | Platform | Link to Fix |
---|---|---|---|
10.1 | 10.1.8 | ||
Linux | <https://www.ibm.com/support/pages/node/6415111> |
None