CVE-2021-29696

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ibmCNA
8 HIGH
NETWORK
HIGH
HIGH
CVSS:3.0/AC:H/AV:N/A:H/S:C/I:H/PR:H/UI:N/C:H/E:U/RC:C/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
ibmcloud_pak_for_security
1.5.0.0
ibmcloud_pak_for_security
1.5.0.1
ibmcloud_pak_for_security
1.6.0.0
ibmcloud_pak_for_security
1.6.1.0
ibmcloud_pak_for_security
1.7.0.0
ibmcloud_pak_for_security
1.7.1.0
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/200597
https://www.ibm.com/support/pages/node/6476940
https://exchange.xforce.ibmcloud.com/vulnerabilities/200597
https://www.ibm.com/support/pages/node/6476940