21.0.3

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

ibm

NVD

Published: 2022-05-02

Updated: 2022-05-11

Summary

IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Cloud PAK FOR Business Automation 21.0.1 IBM Cloud PAK FOR Business Automation 21.0.2 IBM Cloud PAK FOR Business Automation 21.0.3	27

References

https://www.ibm.com/support/pages/node/6578583
https://exchange.xforce.ibmcloud.com/vulnerabilities/206081