CVE-2021-29736: 
IBM WebSphere App Server vulnerability analysis and mitigation

IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 were identified with a privilege escalation vulnerability tracked as CVE-2021-29736. The vulnerability was discovered and disclosed in March 2021, with IBM publishing a security bulletin on July 29, 2021. This security issue could potentially allow remote users to gain elevated privileges on affected systems (IBM Support).

The vulnerability has been assigned a CVSS Base score of 5.0 with the following vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L. This scoring indicates that the vulnerability requires network access, has high attack complexity, needs low privileges, requires no user interaction, and has a limited impact on confidentiality, integrity, and availability (IBM Support).

If exploited, this vulnerability could allow remote attackers to gain elevated privileges on the affected system, potentially compromising the security of the WebSphere Application Server environment (IBM Support).

IBM has released several remediation options depending on the version affected. For V9.0.0.0 through 9.0.5.8, users can either upgrade to Fix Pack 9.0.5.9 or later, or apply Interim Fix PH34690. For V8.5.0.0 through 8.5.5.20, options include upgrading to Fix Pack 8.5.5.21 or later, or applying Interim Fix PH34690. V8.0.0.0 through 8.0.0.15 users should upgrade to 8.0.0.15 and apply Interim Fix PH34690. For V7.0.0.0 through 7.0.0.45, users need to upgrade to 7.0.0.45 and apply Interim Fix PH34690. No workarounds are available (IBM Support).