Lucene search

IbmCVELIST:CVE-2021-29907

HistoryAug 31, 2021 - 4:05 p.m.

CVE-2021-29907

2021-08-3116:05:11

ibm

www.cve.org

ibm openpages

arbitrary code execution

authenticated user

file upload

system vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

45.4%

JSON

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.

CNA Affected

[
  {
    "product": "OpenPages with Watson",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.2"
      },
      {
        "status": "affected",
        "version": "8.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/207633

www.ibm.com/support/pages/node/6483607

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

45.4%

JSON

Related for CVELIST:CVE-2021-29907