PT-2022-9942 · Ibm · Ibm Icp4A

Published

2022-05-02

Updated

2022-05-11

CVE-2021-29859

CVSS v3.1

6.8

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM ICP4A - User Management System Component versions V21.0.1 through V21.0.1-IF007 IBM ICP4A - User Management System Component versions V21.0.2 through V21.0.2-IF009 IBM ICP4A - User Management System Component versions V21.0.3 through V21.0.3-IF008

Description The issue could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and revocation when another user logs out.

Recommendations For versions V21.0.1 through V21.0.1-IF007, update to a version that includes the necessary security fixes. For versions V21.0.2 through V21.0.2-IF009, update to a version that includes the necessary security fixes. For versions V21.0.3 through V21.0.3-IF008, update to a version that includes the necessary security fixes.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-29859

PT-2022-9942 · Ibm · Ibm Icp4A

CVE-2021-29859

Related Identifiers

Affected Products

References · 6