CVE-2021-20527 - OpenCVE

IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Resilient

Configuration 1 [-]

OR	cpe:2.3:a:ibm:resilient::::::::
	cpe:2.3:a:ibm:resilient::::::::
	cpe:2.3:a:ibm:resilient::::::::
	cpe:2.3:a:ibm:resilient::::::::
	cpe:2.3:a:ibm:resilient::::::::
	cpe:2.3:a:ibm:resilient::::::::

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/198759
https://www.ibm.com/support/pages/node/6444747

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2021-04-19T16:20:13.202247Z

Updated: 2024-09-16T22:14:43.962Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20527

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-19T17:15:13.123

Modified: 2021-04-23T14:50:02.850

Link: CVE-2021-20527

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Resilient OnPrem", "vendor": "IBM", "versions": [{"status": "affected", "version": "38.0"}]}], "datePublic": "2021-04-18T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/I:H/C:L/PR:H/A:L/AC:L/UI:N/AV:N/RL:O/E:U/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-19T16:20:13", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6444747"}, {"name": "ibm-resilient-cve202120527-code-exec (198759)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198759"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-04-18T00:00:00", "ID": "CVE-2021-20527", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Resilient OnPrem", "version": {"version_data": [{"version_value": "38.0"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759."}]}, "impact": {"cvssv3": {"BM": {"A": "L", "AC": "L", "AV": "N", "C": "L", "I": "H", "PR": "H", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Privileges"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6444747", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6444747 (Resilient OnPrem)", "url": "https://www.ibm.com/support/pages/node/6444747"}, {"name": "ibm-resilient-cve202120527-code-exec (198759)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198759"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:45:44.664Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6444747"}, {"name": "ibm-resilient-cve202120527-code-exec (198759)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198759"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20527", "datePublished": "2021-04-19T16:20:13.202247Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T22:14:43.962Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:resilient:*:*:*:*:*:*:*:*", "matchCriteriaId": "9847A279-960F-41D1-9C5F-A9311AB53FEA", "versionEndExcluding": "38.2.41", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:resilient:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B37A7BC-8595-4E1C-9A76-80A22CD789ED", "versionEndExcluding": "39.0.6536", "versionStartIncluding": "39.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:resilient:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B527D30-D9B9-4341-877F-DF891F09D0DC", "versionEndExcluding": "39.1.46", "versionStartIncluding": "39.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:resilient:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D0E174-44B3-441D-B1AC-3D2550EADB41", "versionEndExcluding": "39.2.21", "versionStartIncluding": "39.2.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:resilient:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BE2AE33-B49B-4C2A-87F1-FCDF4CAEC81A", "versionEndExcluding": "40.0.6556", "versionStartIncluding": "40.0.6554", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:resilient:*:*:*:*:*:*:*:*", "matchCriteriaId": "51A0B338-048D-4720-B0BC-9D987F8B2E79", "versionEndExcluding": "40.1.51", "versionStartIncluding": "40.1.50", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759."}, {"lang": "es", "value": "IBM Resilient SOAR versi\u00f3n V38.0, podr\u00eda permitir a un usuario privilegiado crear scripts maliciosos que podr\u00edan ser ejecutados como otro usuario. IBM X-Force ID: 198759"}], "id": "CVE-2021-20527", "lastModified": "2021-04-23T14:50:02.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 4.7, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-19T17:15:13.123", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198759"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6444747"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}