Local Information Disclosure Vulnerability in IBM AIX and VIOS
CVE-2021-29861

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Aix; ViOS
Vendor: CVE Published:; 17 November 2021

What is CVE-2021-29861?

A vulnerability exists in IBM AIX 7.1, 7.2, and VIOS 3.1 that could allow non-privileged local users to exploit a flaw in the EFS. This vulnerability may enable local users to access sensitive information that should be protected. Organizations using these versions are advised to implement necessary security measures and consult IBM's guidance to mitigate potential risks.

Affected Version(s)

AIX 7.1

AIX 7.2

VIOS 3.1

References

https://www.ibm.com/support/pages/node/6516786

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/206085

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2021
Vulnerability Reserved
Mar 31, 2021