CVE-2021-20578

CRITICAL

IBM Cloud Pak for Security - Privilege Escalation

Title source: llm
STIX 2.1

Description

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6493729
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/199282

Scores

CVSS v3 9.8
EPSS 0.0011
EPSS Percentile 29.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (3)
ibm/cloud_pak_for_security 1.7.0.0
ibm/cloud_pak_for_security 1.7.1.0
ibm/cloud_pak_for_security 1.7.2.0
Published Sep 30, 2021
Tracked Since Feb 18, 2026