Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2021-20442, CVE-2021-20441 |
CWE-ID | CWE-798, CWE-310 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | IBM Security Verify Bridge (Server applications / Other server solutions) |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU51265
Risk: Medium
CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-20442
CWE-ID: CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the presence of hard-coded credentials in application code. A remote unauthenticated attacker can gain access to sensitive information on the target system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
IBM Security Verify Bridge: All versions
External links
http://exchange.xforce.ibmcloud.com/vulnerabilities/196618
http://www.ibm.com/support/pages/node/6421025
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51266
Risk: Medium
CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-20441
CWE-ID: CWE-310 - Cryptographic Issues
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the affected software uses weaker than expected cryptographic algorithms. A remote attacker can decrypt highly sensitive information.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
IBM Security Verify Bridge: All versions
External links
http://exchange.xforce.ibmcloud.com/vulnerabilities/196617
http://www.ibm.com/support/pages/node/6421023
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.