Information Disclosure Vulnerability in IBM i2 Analyze
CVE-2021-29784
4.3MEDIUM
Summary
IBM i2 Analyze versions 4.3.0, 4.3.1, and 4.3.2 are vulnerable to a flaw that allows remote attackers to gain access to sensitive information when a detailed technical error message is displayed in the user's browser. This leak of sensitive data can potentially aid attackers in executing further malicious actions against the system, emphasizing the need for proper error handling and security measures.
Affected Version(s)
i2 Analyze 4.3.0
i2 Analyze 4.3.1
i2 Analyze 4.3.2
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved