Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM819C788EB426ED5A4066E9340D710F87D0D27986B20850127B4A9DA5E5838AD0
HistoryJul 30, 2021 - 5:05 a.m.

Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 where an error message may disclose implementation details

2021-07-3005:05:55
www.ibm.com
7
ibm cloud pak
applications
vulnerability
disclosure
error message
security
remote attacker

EPSS

0.001

Percentile

32.8%

JSON

Summary

A vulnerability has been found in IBM Cloud Pak for Applications v4.3 where an error message may disclose implementation details

Vulnerability Details

CVEID:CVE-2021-20424
**DESCRIPTION:**IBM Cloud Pak for Applications could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196309 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak for Applications All

Remediation/Fixes

IBM Cloud Pak for Applications v4.3.1 is updated to ensure error messages do not disclose implementation details, thereby opening up a possible security vulnerability. No separate APAR is provided.

Workarounds and Mitigations

None

Related

cve 1
prion 1
cvelist 1
nvd 1
cve
cve
CVE-2021-20424
2021-07-13 16:15:08
prion
prion
Information disclosure
2021-07-13 16:15:00
cvelist
cvelist
CVE-2021-20424
2021-07-13 16:10:49
nvd
nvd
CVE-2021-20424
2021-07-13 16:15:08

EPSS

0.001

Percentile

32.8%

JSON
Related for 819C788EB426ED5A4066E9340D710F87D0D27986B20850127B4A9DA5E5838AD0
cve1prion1cvelist1nvd1