CVE-2021-20527 — Command Injection in IBM Resilient

CWE-77 — Command Injection3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 54.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Resilient IBM Resilient Onprem

Timeline

PublishedApr 19

Latest updateMay 24

Description

IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/resilient39.0 — 39.0.6536+5

▶CVEListV5ibm/resilient_onprem38.0

🔴Vulnerability Details

GHSA

GHSA-fc44-mm95-mf77: IBM Resilient SOAR V38↗2022-05-24

▶

CVEList

CVE-2021-20527: IBM Resilient SOAR V38↗2021-04-19

▶