CVE-2021-29696

Description

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

CVSS breakdown

CVSS 3.0

Attack Complexity

High

Attack Vector

Network

Availability

High

Scope

Changed

Integrity

High

Privileges Required

High

User Interaction

None

Confidentiality

High

Unchanged

Changed

Affected products

ibm / cloud_pak_for_security1.7.0.0 – 1.7.0.0
ibm / cloud_pak_for_security1.7.1.0 – 1.7.1.0
ibm / cloud_pak_for_security1.6.0.0 – 1.6.0.0
ibm / cloud_pak_for_security1.5.0.1 – 1.5.0.1
ibm / cloud_pak_for_security1.5.0.0 – 1.5.0.0
ibm / cloud_pak_for_security1.6.0.1 – 1.6.0.1

References

MISChttps://www.ibm.com/support/pages/node/6476940
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/200597