Vulnerabilities > CVE-2021-20538 - Incorrect Authorization vulnerability in IBM Cloud PAK for Security 1.5.0.0/1.5.0.1

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
ibm
CWE-863
critical

Summary

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919.

Vulnerable Configurations

Part Description Count
Application
Ibm
2

Common Weakness Enumeration (CWE)