Privilege Escalation Vulnerability in IBM Cloud Pak System 2.3
CVE-2020-4912
4.7MEDIUM
Summary
The IBM Cloud Pak System 2.3 Self Service Console has a vulnerability that could allow an attacker to escalate privileges through the capture of user request URLs when a user is logged in with elevated permissions. This could potentially lead to unauthorized actions being performed under the guise of a privileged user, exposing sensitive data and system functionality. Users of the affected software should apply the necessary patches or mitigations to protect their systems.
Affected Version(s)
Cloud Pak System 2.3
References
CVSS V3.1
Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved