Privilege Escalation Vulnerability in IBM Cloud Pak System 2.3
CVE-2020-4912

4.7MEDIUM

Key Information:

Vendor: IBM
Status: Cloud Pak System
Vendor: CVE Published:; 4 January 2021

What is CVE-2020-4912?

The IBM Cloud Pak System 2.3 Self Service Console has a vulnerability that could allow an attacker to escalate privileges through the capture of user request URLs when a user is logged in with elevated permissions. This could potentially lead to unauthorized actions being performed under the guise of a privileged user, exposing sensitive data and system functionality. Users of the affected software should apply the necessary patches or mitigations to protect their systems.

Affected Version(s)

Cloud Pak System 2.3

References

https://www.ibm.com/support/pages/node/6393554

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/191287

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 4, 2021
Vulnerability Reserved
Dec 30, 2019