Information Disclosure Vulnerability in IBM Cloud Pak for Data
CVE-2021-38899
4.4MEDIUM
Summary
IBM Cloud Pak for Data version 2.5 is susceptible to an information disclosure vulnerability that may permit a local user with specific privileges to access sensitive information that should remain confidential. This issue highlights the importance of user privilege management and protective measures to secure critical data from unauthorized access.
Affected Version(s)
Cloud Pak for Data 2.5
References
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved