Privileged Mode Vulnerability in IBM CloudPak for Multicloud Monitoring
CVE-2021-38941

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Cloud Pak For Multicloud Management Monitoring
Vendor: CVE Published:; 30 June 2022

Summary

The IBM CloudPak for Multicloud Monitoring versions 2.0 and 2.3 are exposed to a security risk due to the presence of several containers operating in privileged mode. This issue can lead to host information leakage or potential destruction if unauthorized access is obtained, enabling attackers to execute arbitrary commands within the vulnerable containers. Organizations using this product are urged to review their security configurations and implement necessary updates to mitigate these risks.

Affected Version(s)

Cloud Pak for Multicloud Management Monitoring 2.0

Cloud Pak for Multicloud Management Monitoring 2.3.FixPack4

References

https://www.ibm.com/support/pages/node/6599639

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/211048

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 30, 2022
Vulnerability Reserved
Aug 16, 2021