CVE-2021-20359
First published: Wed Feb 03 2021(Updated: )
Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cloud Pak for Automation | <=20.0.3 | |
| IBM Cloud Pak for Automation | <=20.0.2 IF002 | |
| IBM Cloud Pak for Automation | =20.0.2-interim_fix002 | |
| IBM Cloud Pak for Automation | =20.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-20359?
CVE-2021-20359 is a vulnerability in IBM Cloud Pak for Automation that allows unauthorized users to obtain potentially sensitive information from log files.
How severe is CVE-2021-20359?
CVE-2021-20359 has a severity rating of 6.5 (medium).
Which versions of IBM Cloud Pak for Automation are affected by CVE-2021-20359?
IBM Cloud Pak for Automation versions 20.0.3 and 20.0.2-IF002 are affected by CVE-2021-20359.
How can an unauthorized user obtain sensitive information from log files in IBM Cloud Pak for Automation?
An unauthorized user can obtain sensitive information from log files in IBM Cloud Pak for Automation due to improper storage of potentially sensitive information.
Is there a fix for CVE-2021-20359?
Yes, IBM has provided a fix for CVE-2021-20359. It is recommended to upgrade to a fixed version of IBM Cloud Pak for Automation.
- collector/ibm-support
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- vendor/ibm
- canonical/ibm cloud pak for automation
- version/ibm cloud pak for automation/20.0.3
- version/ibm cloud pak for automation/20.0.2 if002
- version/ibm cloud pak for automation/20.0.2-interim_fix002