CVE-2020-4918
First published: Tue Nov 17 2020(Updated: )
IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cloud Pak System | >=2.3.0.0<2.3.3.3 | |
| <=2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-4918.
What is the severity of CVE-2020-4918?
The severity of CVE-2020-4918 is medium (4.4).
How could a local privileged user exploit CVE-2020-4918?
A local privileged user could exploit CVE-2020-4918 to disclose sensitive information due to an insecure direct object reference in the sell service console for the Platform System Manager.
Which versions of IBM Cloud Pak System are affected by CVE-2020-4918?
The affected versions of IBM Cloud Pak System are 2.3.0.0 to 2.3.3.3.
Where can I find more information about CVE-2020-4918?
You can find more information about CVE-2020-4918 on the IBM X-Force ID page (ID: 191392) and the IBM support page.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm cloud pak system
- version/ibm cloud pak system/2.3.0.0
- version/ibm cloud pak system/2.3