PT-2021-12232 · Ibm · Ibm Cloud Pak System

Published

2021-01-04

Updated

2021-07-21

CVE-2020-4918

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Cloud Pak System version 2.3

Description The issue allows a local privileged user to disclose sensitive information due to an insecure direct object reference in the sell service console for the Platform System Manager.

Recommendations For IBM Cloud Pak System version 2.3, consider restricting access to the sell service console to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the privileges of local users to reduce the potential impact of the issue.

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2020-4918

Affected Products

Ibm Cloud Pak System

PT-2021-12232 · Ibm · Ibm Cloud Pak System

CVE-2020-4918

Weakness Enumeration

Related Identifiers

Affected Products

References · 6