CVE-2021-29894: High severity ibm cloud pak for security vulnerability

Q: What is the vulnerability ID of this security issue?

The vulnerability ID of this security issue is CVE-2021-29894.

Q: What software versions are affected by this vulnerability?

IBM Cloud Pak for Security (CP4S) versions 1.7.0.0, 1.7.1.0, and 1.7.2.0 are affected by this vulnerability.

Q: What is the severity of CVE-2021-29894?

The severity of CVE-2021-29894 is high (7.5).

Q: What is the impact of this vulnerability?

This vulnerability could allow an attacker to decrypt highly sensitive information.

Q: How can I fix this vulnerability?

To fix this vulnerability, update IBM Cloud Pak for Security (CP4S) to a version that addresses the issue.

Published Sep 8, 2021

Updated

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.

Other sources

IBM Cloud Pak for Security (CP4S) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Affected Software

7 affected components

IBM Cloud Pak for Security=1.7.0.0

IBM Cloud Pak for Security=1.7.1.0

IBM Cloud Pak for Security=1.7.2.0

redhat Openshift

IBM Cloud Pak for Security (CP4S)<=1.7.2.0

IBM Cloud Pak for Security (CP4S)<=1.7.1.0

IBM Cloud Pak for Security (CP4S)<=1.7.0.0

Remediation

Patch Available

https://www.ibm.com/support/pages/node/6493729

Event History

Sep 8, 2021

CVE Published

via IBM·12:00 AM

Sep 30, 2021

CVE Published

via MITRE·04:20 PM

Data Sourced

via MITRE·04:20 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-6493729

Frequently Asked Questions

What is the vulnerability ID of this security issue?

The vulnerability ID of this security issue is CVE-2021-29894.

What software versions are affected by this vulnerability?