Jul 16, 2021 - 4:51 p.m.

Security Bulletin: IBM Security SOAR could allow a privileged user to import non-approved Python2 modules (CVE-2021-29780).

www.ibm.com

EPSS: 0.001 (Percentile: 32.3%)

Summary

It was possible for a privileged user to import non-approved Python2 modules to create a malicious script.

Vulnerability Details

**CVEID:** CVE-2021-29780
**DESCRIPTION:** IBM Resilient OnPrem could allow an authenticated user to perform actions that they should not have access to due to improper input validation.
CVSS Base score: 4.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/203085 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Resilient OnPrem | IBM Security SOAR |

Remediation/Fixes

Users must install v41.1 of IBM Security SOAR to obtain the fix for this vulnerability. Non-approved modules can no longer be imported…

You can upgrade the platform by following the instructions in the “Upgrade Procedure” section in the IBM Documentation.

Workarounds and Mitigations

None

