IBM CP4S 1.10.x Log Disclosure Vulnerability (CVE-2021-39011)
CVE-2021-39011 Published on January 20, 2023

IBM Cloud Pak for Security information disclosure
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Products Associated with CVE-2021-39011

Want to know whenever a new CVE is published for IBM Cloud Pak For Security? stack.watch will email you.

IBM Cloud Pak For Security

Affected Versions

IBM Cloud Pak for Security:

Version 1.10.0.0 and below 1.10.6.0 is affected.

Exploit Probability

EPSS

0.26%

Percentile

49.30%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

IBM CP4S 1.10.x Log Disclosure Vulnerability (CVE-2021-39011)CVE-2021-39011 Published on January 20, 2023

Vulnerability Analysis

Weakness Type

Insertion of Sensitive Information into Log File

Products Associated with CVE-2021-39011

Affected Versions

Exploit Probability

IBM CP4S 1.10.x Log Disclosure Vulnerability (CVE-2021-39011)
CVE-2021-39011 Published on January 20, 2023