CVE-2021-29894

Description

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.

CVSS breakdown

CVSS 3.0

Confidentiality

High

Privileges Required

None

Attack Complexity

High

Integrity

None

Availability

None

Scope

Unchanged

User Interaction

None

Attack Vector

Network

Unchanged

Changed

Affected products

ibm / cloud_pak_for_security1.7.0.0 – 1.7.0.0
ibm / cloud_pak_for_security1.7.1.0 – 1.7.1.0
ibm / cloud_pak_for_security1.7.2.0 – 1.7.2.0
ibm / cloud_pak_for_security1.8.0.0 – 1.8.0.0

References

MISChttps://www.ibm.com/support/pages/node/6493729
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/207320