CVE-2021-29859

3 documents, 3 sources
Severity
6.8 MEDIUM
EPSS
0.0%
top 84.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published May 2
Latest update May 3

Description

IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and revocation after another user logs out. IBM X-Force ID: 206081.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | ibm/cloud_pak_for_business_automation | 12 versions (+11)
NVD | ibm/cloud_pak | 21.0.1, 21.0.2, 21.0.3 (+2)

🔴 Vulnerability Details (2)

GHSA
GHSA-q6gh-mcpp-qm8j: IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21 | 2022-05-03
CVEList
CVE-2021-29859: IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21 | 2022-05-02
CVE-2021-29859 (MEDIUM CVSS 6.8) | IBM ICP4A - User Management System | cvebase.io