CVE-2021-29802 — Improper Privilege Management in IBM Resilient Security Orchestration Automation AND Response

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 72.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Resilient Security Orchestration Automation AND Response IBM Security

Timeline

PublishedAug 23

Latest updateMay 24

Description

IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/resilient_security_orchestration_automation_and_response< 1.6.1

▶CVEListV5ibm/securitySOAR

🔴Vulnerability Details

GHSA

GHSA-wvfq-5xp8-rhv7: IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies↗2022-05-24

▶

CVEList

CVE-2021-29802: IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies↗2021-08-23

▶