Privilege Escalation Vulnerability in IBM Cloud Pak System 2.3
CVE-2020-4912

4.7MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
4 January 2021

Summary

The IBM Cloud Pak System 2.3 Self Service Console has a vulnerability that could allow an attacker to escalate privileges through the capture of user request URLs when a user is logged in with elevated permissions. This could potentially lead to unauthorized actions being performed under the guise of a privileged user, exposing sensitive data and system functionality. Users of the affected software should apply the necessary patches or mitigations to protect their systems.

Affected Version(s)

Cloud Pak System 2.3

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.