CVE-2021-20538 — CRITICAL (9.1)

Vulnerability Description

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Cloud Pak For Security	1.5.0.0

Related Weaknesses (CWE)

CWE-863

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/198919VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6450849Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/198919VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6450849Vendor Advisory

FAQ

What is CVE-2021-20538?

CVE-2021-20538 is a vulnerability with a CVSS score of 9.1 (CRITICAL). IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IB...

How severe is CVE-2021-20538?

CVE-2021-20538 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-20538?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Cloud Pak For Security.