CVE-2021-29859

moderate-risk

Published 2022-05-02

IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081.

Do I need to act?

-

0.05% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

6

CVSS 6.8/10 Medium

PHYSICAL / LOW complexity

Affected Products (20)

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Affected Vendors

Ibm

References (4)

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/206081

Vendor Advisory https://www.ibm.com/support/pages/node/6578583

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/206081

Vendor Advisory https://www.ibm.com/support/pages/node/6578583

44

/ 100

moderate-risk

Severity 22/34 · High

Exploitability 0/34 · Minimal

Exposure 22/34 · High