Control of Sensitive Information in IBM Security Verify Bridge by IBM
CVE-2021-20434

4.1MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Bridge
Vendor: CVE Published:; 23 September 2021

Summary

IBM Security Verify Bridge version 1.0.5.0 has a vulnerability allowing local users to access sensitive user credentials stored in plain text. This design flaw can lead to unauthorized access and exploitation of sensitive information, potentially impacting the security of the application and its users. Proper measures should be implemented to secure credential storage to mitigate exposure to local users.

Affected Version(s)

Security Verify Bridge 1.0.5.0

References

https://www.ibm.com/support/pages/node/6491651

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/196346

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 23, 2021
Vulnerability Reserved
Dec 17, 2020