Credential Storage Weakness in IBM Security Access Manager and Verify Access Docker
CVE-2021-20439

7.5HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
15 July 2021

Summary

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 suffer from a vulnerability where user credentials are stored in plain text. This flaw allows unauthorized access to sensitive user information, significantly increasing the risk of data breaches. Organizations relying on these products should consider implementing additional security measures to protect against potential exploitation.

Affected Version(s)

Security Access Manager 9.0

Security Verify Access Docker 10.0.0

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.