Medium Severity

Security Bulletin: IBM Cloud Pak for Security is vulnerable to CVE-2021-20538 and CVE-2021-20577


IBM Cloud Pak for Security versions 1.5.0.1 and earlier are vulnerable to the following CVEs: CVE-2021-20538, through which a user can obtain sensitive information without sufficient authorisation, and CVE-2021-20577, which allows cross-site scripting that can potentially lead to credentials disclosure. These are addressed in CP4S 1.6.0.0 and later versions.

CVE(s): CVE-2021-20538, CVE-2021-20577

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
Cloud Pak for Security (CP4S) | 1.5.0.0
Cloud Pak for Security (CP4S) | 1.5.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6450849
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198919
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199281
