IBM Cloud Pak for Applications v4.3 does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVEID:CVE-2021-20423
**DESCRIPTION:**IBM Cloud Pak for Applications could allow an authenticated user gain escalated privilesges due to improper application permissions.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196308 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak for Applications | All |
IBM Cloud Pak for Applications v 4.3.1 provides a solution that ensures actors have the proper permissions to for the scope of their role. No separate APAR is provided.
None