Information Disclosure Vulnerability in IBM Security Verify Information Queue
CVE-2021-20402
2.7LOW
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 11 February 2021
Summary
An information disclosure vulnerability exists in IBM Security Verify Information Queue versions 1.0.6 and 1.0.7 that allows remote attackers to gain access to sensitive information through detailed technical error messages rendered in the browser. This could lead to further exploitation of the system, as the disclosed information may be leveraged in subsequent attacks. Organizations using affected versions should assess their exposure and consider applying recommended mitigations.
Affected Version(s)
Security Verify Information Queue 1.0.6
Security Verify Information Queue 1.0.7
References
CVSS V3.1
Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved