#VU67187 Cleartext storage of sensitive information in IBM Security Risk Manager - CVE-2021-38911

 

Published: September 12, 2022


Vulnerability identifier: #VU67187
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-38911
CWE-ID: CWE-312
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
IBM Security Risk Manager
Software vendor:
IBM Corporation

Description

The vulnerability allows an authenticated privileged user to gain access to sensitive information.

The vulnerability exists because IBM Security Risk Manager stores user credentials in plain clear text. An authenticated privileged user can trigger the vulnerability and gain access to sensitive information.


Remediation

Install updates from the vendor's website.

External links