Apr 24, 2021 - 12:12 a.m.

Security Bulletin: Cross-Origin Resource Sharing (CORS) vulnerability in IBM Spectrum Protect Plus (CVE-2021-20432)

2021-04-24 00:12:57
www.ibm.com

EPSS: 0.001 (Low), Percentile: 27.9%

Summary

Cross-Origin Resource Sharing (CORS) vulnerability in IBM Spectrum Protect Plus may allow privileged actions and retrieval of sensitive information.

Vulnerability Details

**CVEID:** CVE-2021-20432
**DESCRIPTION:** IBM Spectrum Protect Plus uses Cross-Origin Resource Sharing (CORS), which could allow an attacker to carry out privileged actions and retrieve sensitive information because the domain name is not limited to only trusted domains.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196344 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
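
The description above comes down to which origins a server is willing to name in `Access-Control-Allow-Origin`. As an added illustration (not IBM's code and not taken from the bulletin), the following contrasts one common form of this weakness, assumed here, with a policy limited to an exact allowlist; the function names and origin values are constructed placeholders.

```javascript
// Added illustration; not IBM Spectrum Protect Plus code.
// TRUSTED_ORIGINS holds constructed placeholder values.
const TRUSTED_ORIGINS = new Set([
  "https://console.example.test",
  "https://backup-admin.example.test:8443",
]);

// Weak pattern (assumed form of the issue): any caller-supplied Origin is
// echoed back with credentials allowed, so no domain is excluded.
function corsHeadersWeak(origin) {
  if (!origin) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Hardened pattern: exact match of the serialized origin against an allowlist.
function corsHeadersStrict(origin) {
  if (typeof origin !== "string" || origin === "null") return {};
  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return {}; // not a parseable origin
  }
  // An Origin header is scheme://host[:port] only; reject paths, case tricks, http.
  if (parsed.origin !== origin || parsed.protocol !== "https:") return {};
  if (!TRUSTED_ORIGINS.has(parsed.origin)) return {};
  return {
    "Access-Control-Allow-Origin": parsed.origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Constructed sample values, including look-alikes that pass prefix/suffix checks.
const samples = [
  "https://console.example.test",
  "https://console.example.test.other.example",
  "https://xconsole.example.test",
  "http://console.example.test",
  "null",
];
for (const o of samples) {
  const ok = "Access-Control-Allow-Origin" in corsHeadersStrict(o);
  console.log(`${o} -> strict ${ok ? "allow" : "deny"}`);
}
```

Exact string comparison is used because substring, prefix or suffix matching on the host accepts the look-alike origins in the sample list.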

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Spectrum Protect Plus | 10.1.0-10.1.7 |

Remediation/Fixes

| IBM Spectrum Protect Plus Release | First Fixing VRM Level | Platform | Link to Fix |
| --- | --- | --- | --- |
| 10.1 | 10.1.8 | Linux | <https://www.ibm.com/support/pages/node/6415111> |

Workarounds and Mitigations

None

CPE

| Name | Operator | Version |
| --- | --- | --- |
| ibm spectrum protect plus | eq | 10.1 |
