Security Bulletin: IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability (CVE-2021-29767)

2021-07-2315:37:48

www.ibm.com

ibm i2 analyst's notebook premium

information disclosure

vulnerability

cve-2021-29767

software

security bulletin

EPSS

0.001

Percentile

42.4%

JSON

Summary

Excess information was disclosed in http requests from i2 Analist’s Notebook Premium to the i2 Analyze server.

Vulnerability Details

CVEID:CVE-2021-29767
**DESCRIPTION:**IBM i2 Analyst's Notebook Premium could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202681 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM i2 Analyst’s Notebook Premium	IBM i2 Analyst’s Notebook Premium 9.2.0
IBM i2 Analyst’s Notebook Premium	All
IBM i2 Analyst’s Notebook Premium	IBM i2 Analyst’s Notebook Premium 9.2.2
IBM i2 Analyst’s Notebook Premium	IBM i2 Analyst’s Notebook Premium 9.2.1