CVE-2021-20539

MEDIUM

IBM Cloud Pak for Security - Info Disclosure

Title source: llm
STIX 2.1

Description

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198920.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6476940

Scores

CVSS v3 5.3
EPSS 0.0094
EPSS Percentile 57.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published
Products (6)
ibm/cloud_pak_for_security 1.5.0.0
ibm/cloud_pak_for_security 1.5.1.0
ibm/cloud_pak_for_security 1.6.0.0
ibm/cloud_pak_for_security 1.6.1.0
ibm/cloud_pak_for_security 1.7.0.0
ibm/cloud_pak_for_security 1.7.1.0
Published Aug 02, 2021
Tracked Since Feb 18, 2026