We use cookies to improve your experience on our site.
AVID-2026-R0713
Description
Vulnerability CVE-2021-20486
Details
IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668.
Reason for inclusion in AVID: CVE-2021-20486 describes an information disclosure vulnerability in IBM Cloud Pak for Data 3.0, a software product used to run AI-related data and model workflows. The issue stems from the software stack and could affect AI pipelines when plugins are involved, making it relevant to AI systems and their deployment. It affects software components used to build/deploy AI systems, and is a documented security vulnerability with references (NVD, IBM page). Therefore it fits AI-related supply chain vulnerability criteria.
References
- NVD entry
- https://www.ibm.com/support/pages/node/6456033
- https://exchange.xforce.ibmcloud.com/vulnerabilities/197668
Affected or Relevant Artifacts
- Developer: IBM
- Deployer: IBM
- Artifact Details:
| Type | Name |
|---|---|
| System | Cloud Pak for Data |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.0 |
| Vector String | CVSS:3.0/PR:L/AC:H/I:N/UI:N/AV:N/C:H/A:N/S:U/E:U/RL:O/RC:C |
| Base Score | 5.3 |
| Base Severity | 🟠 Medium |
| Attack Vector | NETWORK |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | NONE |
| Availability Impact | NONE |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2021-05-26
- Version: 0.3.3
- AVID Entry