CVE-2021-20540

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ibmCNA
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.0/AC:L/AV:N/A:N/S:U/C:L/UI:N/PR:H/I:N/E:U/RC:C/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
ibmcloud_pak_for_security
1.5.0.0
ibmcloud_pak_for_security
1.5.1.0
ibmcloud_pak_for_security
1.6.0.0
ibmcloud_pak_for_security
1.6.1.0
ibmcloud_pak_for_security
1.7.0.0
ibmcloud_pak_for_security
1.7.1.0
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/198923
https://www.ibm.com/support/pages/node/6476940
https://exchange.xforce.ibmcloud.com/vulnerabilities/198923
https://www.ibm.com/support/pages/node/6476940