CVE-2021-20479

CWE-327Broken Cryptographic Algorithm3 documents3 sources
Severity
7.5HIGH
EPSS
0.1%
top 73.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud PAK System
Timeline
PublishedMay 9
Latest updateMay 10

Description

IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDibm/cloud_pak_system2.3.0.02.3.3.4
CVEListV5ibm/cloud_pak_system2.3.0, 2.3.3.3.Interim.Fix1+1

🔴Vulnerability Details

2
GHSA
GHSA-xr5m-vqc6-vc94: IBM Cloud Pak System 22022-05-10
CVEList
CVE-2021-20479: IBM Cloud Pak System 22022-05-09
CVE-2021-20479 (HIGH CVSS 7.5) | IBM Cloud Pak System 2.3.0 through | cvebase.io