Jul 30, 2021 - 5:05 a.m.

Security Bulletin: IBM Cloud Pak for Applications v4.3 does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2021-07-30 05:05:43
www.ibm.com
EPSS: 0.001 (Low)

Percentile: 39.9%

Summary

IBM Cloud Pak for Applications v4.3 does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Vulnerability Details

**CVEID:** CVE-2021-20423
**DESCRIPTION:** IBM Cloud Pak for Applications could allow an authenticated user to gain escalated privileges due to improper application permissions.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196308 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Cloud Pak for Applications | All |

Remediation/Fixes

IBM Cloud Pak for Applications v4.3.1 provides a solution that ensures actors have the proper permissions for the scope of their role. No separate APAR is provided.

Workarounds and Mitigations

None

CPE Name Operator Version
ibm cloud pak for applications eq any