What the vulnerability does
01Description
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387.
CVE-2021-39089
MEDIUM
CVE-2021-39089: IBM Cloud Pak for Security information disclosure
CVSS base score
4.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
January 20, 2023
CVE published
March 31, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-24487 OpenEMR has FHIR Patient Compartment Bypass in CareTeam Resource
CVE-2023-6266 Backup Migration <= 1.3.6 - Unauthenticated Arbitrary Backup Download to Sensitive Information Exposure
CVE-2018-14803
CVE-2025-9209 RestroPress – Online Food Ordering System 3.0.0 - 3.1.9.2 - Unauthenticated Information Exposure to Authentication Bypass via Forged JWT
CVE-2020-15250 Information disclosure in JUnit4
