Information Disclosure Vulnerability in IBM Cloud Pak for Data
CVE-2021-38899

4.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
20 September 2021

Summary

IBM Cloud Pak for Data version 2.5 is susceptible to an information disclosure vulnerability that may permit a local user with specific privileges to access sensitive information that should remain confidential. This issue highlights the importance of user privilege management and protective measures to secure critical data from unauthorized access.

Affected Version(s)

Cloud Pak for Data 2.5

References

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.