Cleartext storage of sensitive information in IBM Security Risk Manager - CVE-2021-38911

 


Published: September 12, 2022


Vulnerability identifier: #VU67187
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-38911
CWE-ID: CWE-312
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
IBM Security Risk Manager

Detailed vulnerability description

The vulnerability allows an authenticated privileged user to gain access to sensitive information.

The vulnerability exists because IBM Security Risk Manager stores user credentials in plain clear text. An authenticated privileged user can trigger the vulnerability and gain access to sensitive information.


How to mitigate CVE-2021-38911

Install updates from the vendor's website.
