CVE-2021-29859

IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ibmCNA
3.5 LOW
PHYSICAL
LOW
NONE
CVSS:3.0/S:U/A:N/AV:P/PR:N/AC:L/C:L/I:L/UI:N/RC:C/E:U/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
ibmcloud_pak_for_business_automation
21.0.1
ibmcloud_pak_for_business_automation
21.0.1:interim_fix_001
ibmcloud_pak_for_business_automation
21.0.1:interim_fix_002
ibmcloud_pak_for_business_automation
21.0.1:interim_fix_003
ibmcloud_pak_for_business_automation
21.0.1:interim_fix_004
ibmcloud_pak_for_business_automation
21.0.1:interim_fix_005
ibmcloud_pak_for_business_automation
21.0.1:interim_fix_006
ibmcloud_pak_for_business_automation
21.0.1:interim_fix_007
ibmcloud_pak_for_business_automation
21.0.2
ibmcloud_pak_for_business_automation
21.0.2:interim_fix_001
ibmcloud_pak_for_business_automation
21.0.2:interim_fix_002
ibmcloud_pak_for_business_automation
21.0.2:interim_fix_003
ibmcloud_pak_for_business_automation
21.0.2:interim_fix_004
ibmcloud_pak_for_business_automation
21.0.2:interim_fix_005
ibmcloud_pak_for_business_automation
21.0.2:interim_fix_006
ibmcloud_pak_for_business_automation
21.0.2:interim_fix_007
ibmcloud_pak_for_business_automation
21.0.2:interim_fix_008
ibmcloud_pak_for_business_automation
21.0.2:interim_fix_009
ibmcloud_pak_for_business_automation
21.0.3
ibmcloud_pak_for_business_automation
21.0.3:interim_fix_001
ibmcloud_pak_for_business_automation
21.0.3:interim_fix_002
ibmcloud_pak_for_business_automation
21.0.3:interim_fix_003
ibmcloud_pak_for_business_automation
21.0.3:interim_fix_004
ibmcloud_pak_for_business_automation
21.0.3:interim_fix_005
ibmcloud_pak_for_business_automation
21.0.3:interim_fix_006
ibmcloud_pak_for_business_automation
21.0.3:interim_fix_007
ibmcloud_pak_for_business_automation
21.0.3:interim_fix_008
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/206081
https://www.ibm.com/support/pages/node/6578583
https://exchange.xforce.ibmcloud.com/vulnerabilities/206081
https://www.ibm.com/support/pages/node/6578583