It was possible for a privileged user to inject malicious commands that could be executed as another user. This issue has been addressed.
**CVEID:** CVE-2021-20527
**DESCRIPTION:** IBM Resilient SOAR could allow a privileged user to create malicious scripts that could be executed as another user.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198759 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L)
Affected Product(s) | Version(s) |
---|---|
Resilient OnPrem | IBM Security SOAR |
Updated versions of the IBM Security SOAR Platform prevent this issue and are available for download on the following Release Download Locations page:
Earlier versions are not affected.
Users should upgrade as soon as convenient. The upgrade instructions are available on the following pages on IBM Documentation:
None