It was possible for a privileged user to import non-approved Python2 modules to create a malicious script.
CVEID:CVE-2021-29780
**DESCRIPTION:**IBM Resilient OnPrem could allow an authenticated user to perform actions that they should not have access to due to improper input validation.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203085 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
Resilient OnPrem | IBM Security SOAR |
Users must install the v41.1 of IBM Security SOAR in order to obtain a fix for this vulnerability. Non-approved modules can no longer be importedβ¦
You can upgrade the platform by following the instructions in the βUpgrade Procedureβ section in the IBM Documentation.
None