Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2021-29859

Published: May 02, 2022 | Modified: May 11, 2022
CVSS 3.x
6.8
MEDIUM
Source:
NVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2021-29859
CWEhttps://cwe.mitre.org/data/definitions/.html

IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081.

Affected Software

Name Vendor Start Version End Version
Cloud_pak_for_business_automation Ibm 21.0.1 (including) 21.0.1 (including)
Cloud_pak_for_business_automation Ibm 21.0.1-interim_fix_001 (including) 21.0.1-interim_fix_001 (including)
Cloud_pak_for_business_automation Ibm 21.0.1-interim_fix_002 (including) 21.0.1-interim_fix_002 (including)
Cloud_pak_for_business_automation Ibm 21.0.1-interim_fix_003 (including) 21.0.1-interim_fix_003 (including)
Cloud_pak_for_business_automation Ibm 21.0.1-interim_fix_004 (including) 21.0.1-interim_fix_004 (including)
Cloud_pak_for_business_automation Ibm 21.0.1-interim_fix_005 (including) 21.0.1-interim_fix_005 (including)
Cloud_pak_for_business_automation Ibm 21.0.1-interim_fix_006 (including) 21.0.1-interim_fix_006 (including)
Cloud_pak_for_business_automation Ibm 21.0.1-interim_fix_007 (including) 21.0.1-interim_fix_007 (including)
Cloud_pak_for_business_automation Ibm 21.0.2 (including) 21.0.2 (including)
Cloud_pak_for_business_automation Ibm 21.0.2-interim_fix_001 (including) 21.0.2-interim_fix_001 (including)
Cloud_pak_for_business_automation Ibm 21.0.2-interim_fix_002 (including) 21.0.2-interim_fix_002 (including)
Cloud_pak_for_business_automation Ibm 21.0.2-interim_fix_003 (including) 21.0.2-interim_fix_003 (including)
Cloud_pak_for_business_automation Ibm 21.0.2-interim_fix_004 (including) 21.0.2-interim_fix_004 (including)
Cloud_pak_for_business_automation Ibm 21.0.2-interim_fix_005 (including) 21.0.2-interim_fix_005 (including)
Cloud_pak_for_business_automation Ibm 21.0.2-interim_fix_006 (including) 21.0.2-interim_fix_006 (including)
Cloud_pak_for_business_automation Ibm 21.0.2-interim_fix_007 (including) 21.0.2-interim_fix_007 (including)
Cloud_pak_for_business_automation Ibm 21.0.2-interim_fix_008 (including) 21.0.2-interim_fix_008 (including)
Cloud_pak_for_business_automation Ibm 21.0.2-interim_fix_009 (including) 21.0.2-interim_fix_009 (including)
Cloud_pak_for_business_automation Ibm 21.0.3 (including) 21.0.3 (including)
Cloud_pak_for_business_automation Ibm 21.0.3-interim_fix_001 (including) 21.0.3-interim_fix_001 (including)
Cloud_pak_for_business_automation Ibm 21.0.3-interim_fix_002 (including) 21.0.3-interim_fix_002 (including)
Cloud_pak_for_business_automation Ibm 21.0.3-interim_fix_003 (including) 21.0.3-interim_fix_003 (including)
Cloud_pak_for_business_automation Ibm 21.0.3-interim_fix_004 (including) 21.0.3-interim_fix_004 (including)
Cloud_pak_for_business_automation Ibm 21.0.3-interim_fix_005 (including) 21.0.3-interim_fix_005 (including)
Cloud_pak_for_business_automation Ibm 21.0.3-interim_fix_006 (including) 21.0.3-interim_fix_006 (including)
Cloud_pak_for_business_automation Ibm 21.0.3-interim_fix_007 (including) 21.0.3-interim_fix_007 (including)
Cloud_pak_for_business_automation Ibm 21.0.3-interim_fix_008 (including) 21.0.3-interim_fix_008 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use