Vulnerability Details : CVE-2021-20396
IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.
Products affected by CVE-2021-20396
- cpe:2.3:a:ibm:security_qradar_analyst_workflow:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-20396
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~10% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-20396
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
| 4.0 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.5 | 1.4 | IBM Corporation | |
| 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 | NIST | |
CWE ids for CVE-2021-20396
- The product stores sensitive information without properly limiting read or write access by unauthorized actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-20396
- https://www.ibm.com/support/pages/node/6462585
  Security Bulletin: IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to cacheable SSL Pages (CVE-2021-20396). Tags: Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/196009
  IBM QRadar Analyst Workflow App information disclosure CVE-2021-20396 Vulnerability Report. Tags: VDB Entry; Vendor Advisory