Information Disclosure Vulnerability in IBM i2 Analyze
CVE-2021-29784

4.3MEDIUM

Key Information:

Vendor: IBM
Status: I2 Analyze
Vendor: CVE Published:; 26 July 2021

Summary

IBM i2 Analyze versions 4.3.0, 4.3.1, and 4.3.2 are vulnerable to a flaw that allows remote attackers to gain access to sensitive information when a detailed technical error message is displayed in the user's browser. This leak of sensitive data can potentially aid attackers in executing further malicious actions against the system, emphasizing the need for proper error handling and security measures.

Affected Version(s)

i2 Analyze 4.3.0

i2 Analyze 4.3.1

i2 Analyze 4.3.2

References

https://www.ibm.com/support/pages/node/6474875

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/203168

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 26, 2021
Vulnerability Reserved
Mar 31, 2021