How severe is CVE-2021-20358?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Ibm Cloud Pak For Automation

CVE-2021-20358

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.

EPSS: 0.001 (20.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/PR:L/I:N/AV:N/A:N/AC:L/UI:N/C:H/S:U/E:U/RL:O/RC:C.

Affected products

Ibm Cloud Pak For Automation — versions 20.0.2.IF002, 20.0.3

References

www.ibm.com/support/pages/node/6412345 (x_refsource_CONFIRM)
ibm-cp4a-cve202120358-info-disc (194965) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2021-20358?: CVE-2021-20358 is a medium-severity vulnerability in Ibm Cloud Pak For Automation. CVSS score: 6.5/10. Published 2021-02-08.
How severe is CVE-2021-20358?: Medium severity. CVSS v3 base score is 6.5 out of 10.