Details on ACF2 APAR LU01824 or Notification MFDSA20352

Article ID: 235722

Products

ACF2 - z/OS

Issue/Introduction

A client received a Security Advisory for ACF2 v16 advising them to apply LU01824. The related notice, MFDSA20352, gives a CVSS score of "Base:6.5 Temporal:5.2" and the CVSS vector "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:U", the meaning of which is not clear.

Can more information regarding the vulnerability be provided before a site decides to apply the fix and IPL a PROD system?

Environment

Release : 16.0

Component : ACF2 for z/OS

Resolution

APAR LU01824 vulnerability information:

A potential security vulnerability was closed. The CVSS Vector String is intended to describe the potential impact of the exposure and the associated attack vector. This is consistent with IBM's handling of z/OS-related vulnerabilities. A CVSS score of 7.0 or greater is considered high, and the fix should be applied sooner, depending upon the client's policies. In this case the score was 6.5, so the impact is medium.