Sensitive Information Exposure in IBM i2 iBase Software
CVE-2021-29868

4MEDIUM

Key Information:

Vendor: IBM
Status: I2 Ibase
Vendor: CVE Published:; 27 October 2021

Summary

IBM i2 iBase versions 8.9.13 and 9.0.0 are susceptible to a security vulnerability that allows a local attacker to obtain sensitive information. This occurs due to insufficient session expiration mechanisms. To mitigate this issue, it is essential for users of the affected versions to implement appropriate security measures and stay updated with the latest patches.

Affected Version(s)

i2 iBase 8.9.13

i2 iBase 9.0.0

References

https://www.ibm.com/support/pages/node/6508776

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/206213

vdb-entryx_refsource_XF

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 27, 2021
Vulnerability Reserved
Mar 31, 2021