IBMD5483992B89219C90503F4B50ABE4230371514330A080C237E4E2AB0AF73F4DCSecurity Bulletin: IBM Resilient SOAR is vulnerable to command injection (CVE-2021-20527)
EPSS
Percentile
35.4%
Summary
It was possible for a privileged user to inject malicious commands that could be executed as another user. This issue has been addressed.
Vulnerability Details
CVEID:CVE-2021-20527
**DESCRIPTION:**IBM Resilient SOAR could allow a privileged user to create create malicious scripts that could be executed as another user.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198759 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Resilient OnPrem | IBM Security SOAR |
Remediation/Fixes
Updated versions of the IBM Security SOAR Platform prevent this issue and are available for download on the following Release Download Locations page:
- Version 38.2.41
- Version 39.0.6536
- Version 39.1.46
- Version 39.2.21
- Version 40.0.6556
- Version 40.1.51
Earlier versions are not affected.
Users should upgrade as soon as convenient. The upgrade instructions are available on the following pages on IBM Documentation:
- Version 38.x - Upgrade Procedure.
- Version 39.x - Upgrade Procedure.
- Version 40.x - Upgrade Procedure.
Workarounds and Mitigations
None
Related
EPSS
Percentile
35.4%