CVE-2021-29697IBM Cloud PAK FOR Security vulnerability

3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.2%
top 63.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud PAK FOR Security
Timeline
PublishedAug 2
Latest updateMay 24

Description

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/cloud_pak_for_security6 versions+5
NVDibm/cloud_pak6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-m5q7-r3q9-h4x3: IBM Cloud Pak for Security (CP4S) 12022-05-24
CVEList
CVE-2021-29697: IBM Cloud Pak for Security (CP4S) 12021-08-02