CVE-2021-20565 — MEDIUM (5.3)

Vulnerability Description

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 199236.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Cloud Pak For Security	1.4.0.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/199236VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6453115Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/199236VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6453115Vendor Advisory

FAQ

What is CVE-2021-20565?

CVE-2021-20565 is a vulnerability with a CVSS score of 5.3 (MEDIUM). IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an un...

How severe is CVE-2021-20565?

CVE-2021-20565 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-20565?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Cloud Pak For Security.