What is CVE-2021-29859?

CVE-2021-29859 is a vulnerability in the User Management System Component of IBM Cloud Pak for Business Automation that allows a user with physical access to the system to perform unauthorized actions or obtain sensitive information.

What is the severity of CVE-2021-29859?

The severity of CVE-2021-29859 is medium with a score of 6.8.

Which versions of IBM Cloud Pak for Business Automation are affected by CVE-2021-29859?

IBM Cloud Pak for Business Automation versions 21.0.1 through 21.0.1-IF007, 21.0.2 through 21.0.2-IF009, and 21.0.3 through 21.0.3-IF008 are affected by CVE-2021-29859.

How can an attacker exploit CVE-2021-29859?

An attacker with physical access to the system can exploit CVE-2021-29859 to perform unauthorized actions or obtain sensitive information.

Where can I find more information about CVE-2021-29859?

You can find more information about CVE-2021-29859 on the IBM X-Force Exchange website and the IBM Support page.

Vulnerability/
CVE-2021-29859

medium

6.8

29/4/2022

3/8/2024

CVE-2021-29859

First published: Fri Apr 29 2022(Updated: )

IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Cloud Pak for Business Automation	=21.0.1
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_001
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_002
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_003
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_004
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_005
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_006
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_007
IBM Cloud Pak for Business Automation	=21.0.2
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_001
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_002
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_003
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_004
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_005
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_006
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_007
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_008
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_009
IBM Cloud Pak for Business Automation	=21.0.3
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_001
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_002
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_003
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_004
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_005
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_006
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_007
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_008

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6578583

Frequently Asked Questions

What is CVE-2021-29859?
CVE-2021-29859 is a vulnerability in the User Management System Component of IBM Cloud Pak for Business Automation that allows a user with physical access to the system to perform unauthorized actions or obtain sensitive information.
What is the severity of CVE-2021-29859?
The severity of CVE-2021-29859 is medium with a score of 6.8.
Which versions of IBM Cloud Pak for Business Automation are affected by CVE-2021-29859?
IBM Cloud Pak for Business Automation versions 21.0.1 through 21.0.1-IF007, 21.0.2 through 21.0.2-IF009, and 21.0.3 through 21.0.3-IF008 are affected by CVE-2021-29859.
How can an attacker exploit CVE-2021-29859?
An attacker with physical access to the system can exploit CVE-2021-29859 to perform unauthorized actions or obtain sensitive information.
Where can I find more information about CVE-2021-29859?
You can find more information about CVE-2021-29859 on the IBM X-Force Exchange website and the IBM Support page.

agent/references
agent/type
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/severity
agent/author
agent/description
agent/tags
collector/mitre-cve
source/MITRE
collector/ibm-support
source/IBM
vendor/ibm
canonical/ibm cloud pak for business automation
version/ibm cloud pak for business automation/21.0.1
version/ibm cloud pak for business automation/21.0.1-interim_fix_001
version/ibm cloud pak for business automation/21.0.1-interim_fix_002
version/ibm cloud pak for business automation/21.0.1-interim_fix_003
version/ibm cloud pak for business automation/21.0.1-interim_fix_004
version/ibm cloud pak for business automation/21.0.1-interim_fix_005
version/ibm cloud pak for business automation/21.0.1-interim_fix_006
version/ibm cloud pak for business automation/21.0.1-interim_fix_007
version/ibm cloud pak for business automation/21.0.2
version/ibm cloud pak for business automation/21.0.2-interim_fix_001
version/ibm cloud pak for business automation/21.0.2-interim_fix_002
version/ibm cloud pak for business automation/21.0.2-interim_fix_003
version/ibm cloud pak for business automation/21.0.2-interim_fix_004
version/ibm cloud pak for business automation/21.0.2-interim_fix_005
version/ibm cloud pak for business automation/21.0.2-interim_fix_006
version/ibm cloud pak for business automation/21.0.2-interim_fix_007
version/ibm cloud pak for business automation/21.0.2-interim_fix_008
version/ibm cloud pak for business automation/21.0.2-interim_fix_009
version/ibm cloud pak for business automation/21.0.3
version/ibm cloud pak for business automation/21.0.3-interim_fix_001
version/ibm cloud pak for business automation/21.0.3-interim_fix_002
version/ibm cloud pak for business automation/21.0.3-interim_fix_003
version/ibm cloud pak for business automation/21.0.3-interim_fix_004
version/ibm cloud pak for business automation/21.0.3-interim_fix_005
version/ibm cloud pak for business automation/21.0.3-interim_fix_006
version/ibm cloud pak for business automation/21.0.3-interim_fix_007
version/ibm cloud pak for business automation/21.0.3-interim_fix_008