{"containers": {"cna": {"affected": [{"product": "Cloud Pak for Security", "vendor": "IBM", "versions": [{"status": "affected", "version": "1.6.0.0"}, {"status": "affected", "version": "1.5.0.1"}, {"status": "affected", "version": "1.5.0.0"}, {"status": "affected", "version": "1.6.0.1"}, {"status": "affected", "version": "1.7.0.0"}, {"status": "affected", "version": "1.7.1.0"}]}], "datePublic": "2021-07-30T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 2.4, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/S:U/C:L/UI:N/PR:H/I:N/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-02T16:35:21", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6476940"}, {"name": "ibm-cp4s-cve202120540-info-disc (198923)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198923"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-07-30T00:00:00", "ID": "CVE-2021-20540", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cloud Pak for Security", "version": {"version_data": [{"version_value": "1.6.0.0"}, {"version_value": "1.5.0.1"}, {"version_value": "1.5.0.0"}, {"version_value": "1.6.0.1"}, {"version_value": "1.7.0.0"}, {"version_value": "1.7.1.0"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "H", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6476940", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6476940 (Cloud Pak for Security)", "url": "https://www.ibm.com/support/pages/node/6476940"}, {"name": "ibm-cp4s-cve202120540-info-disc (198923)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198923"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:45:44.367Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6476940"}, {"name": "ibm-cp4s-cve202120540-info-disc (198923)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198923"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20540", "datePublished": "2021-08-02T16:35:21.783995Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T17:24:03.699Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:1.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "43F0280B-81B4-49A1-BE7E-D8476C20E041", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:1.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACC07468-AC42-41E7-B255-418144A1197E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:1.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "29021B22-B70A-4278-AB13-92794BB260C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:1.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4B52E14-2370-4201-8E0D-4225C12E28A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE236FAA-CBC7-49D6-934B-55CA67F0AE95", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F15C8979-996E-44AE-BDF9-98BA5F1B3C41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923."}, {"lang": "es", "value": "IBM Cloud Pak for Security (CP4S) versiones 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0 y 1.7.1.0, podr\u00eda divulgar informaci\u00f3n confidencial a un usuario no autorizado mediante peticiones HTTP GET. Esta informaci\u00f3n podr\u00eda usarse en otros ataques contra el sistema. IBM X-Force ID: 198923"}], "id": "CVE-2021-20540", "lastModified": "2024-11-21T05:46:44.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-02T17:15:13.497", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198923"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6476940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198923"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6476940"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}