CVE-2021-29859 LOW

CVE-2021-29859

Vendor Ibm
Product Cloud Pak for Business Automation
Published May 2, 2022
Last update September 16, 2024

CVSS base score

3.5/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/S:U/A:N/AV:P/PR:N/AC:L/C:L/I:L/UI:N/RC:C/E:U/RL:O

What the vulnerability does

01Description

IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081.

Key dates

02Disclosure timeline

May 2, 2022 CVE published
September 16, 2024 Record updated