User Management Flaw in IBM Cloud Pak for Business Automation
CVE-2021-29859

3.5LOW

Key Information:

Vendor: IBM
Status: Cloud Pak For Business Automation
Vendor: CVE Published:; 2 May 2022

Summary

A flaw in the User Management System of IBM Cloud Pak for Business Automation could enable individuals with physical access to execute unauthorized actions and potentially access sensitive information. This issue arises from inadequate validation and the inability to revoke another user's logged-in session properly. Organizations utilizing affected versions should assess their physical security measures and consider updates or patches provided by IBM.

Affected Version(s)

Cloud Pak for Business Automation 18.0.0

Cloud Pak for Business Automation 18.0.1

Cloud Pak for Business Automation 18.0.2

References

https://www.ibm.com/support/pages/node/6578583

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/206081

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2022
Vulnerability Reserved
Mar 31, 2021