Multiple vulnerabilities in IBM Security Verify Bridge



Published: 2021-03-08
Risk: Medium
Patch available: NO
Number of vulnerabilities: 2
CVE-ID: CVE-2021-20442, CVE-2021-20441
CWE-ID: CWE-798, CWE-310
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: IBM Security Verify Bridge (Server applications / Other server solutions)
Vendor: IBM Corporation

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Use of hard-coded credentials

EUVDB-ID: #VU51265

Risk: Medium

CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2021-20442

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the presence of hard-coded credentials in the application code. A remote unauthenticated attacker can gain access to sensitive information on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

IBM Security Verify Bridge: All versions

External links

http://exchange.xforce.ibmcloud.com/vulnerabilities/196618
http://www.ibm.com/support/pages/node/6421025


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cryptographic issues

EUVDB-ID: #VU51266

Risk: Medium

CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2021-20441

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the affected software uses weaker-than-expected cryptographic algorithms. A remote attacker can decrypt highly sensitive information.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

IBM Security Verify Bridge: All versions

External links

http://exchange.xforce.ibmcloud.com/vulnerabilities/196617
http://www.ibm.com/support/pages/node/6421023


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


