## Summary
IBM Cloud Pak for Security (CP4S) could allow an attacker with a valid API key for one tenant to access data from another tenant’s account. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security (CP4S).
## Vulnerability Details
** CVEID: **[CVE-2023-30993]()
** DESCRIPTION: **IBM Cloud Pak for Security (CP4S) could allow an attacker with a valid API key for one tenant to access data from another tenant’s account.
CVSS Base score: 6.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/254136]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
## Affected Products and Versions
Affected Product(s)| Version(s)
—|—
Cloud Pak for Security (CP4S)| 1.9.0.0 – 1.9.2.0
## Remediation/Fixes
IBM encourages customers to update their systems promptly.
Please upgrade to at least CP4S 1.10.0.0 following these instructions:
## Workarounds and Mitigations
None