Link Injection Vulnerability in IBM Security Verify Product
CVE-2021-29676

4.6 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 25 June 2021

Summary

IBM Security Verify Privilege Vault 10.9.66 is vulnerable to link injection, which allows remote attackers to manipulate URLs. By luring a victim into clicking a maliciously crafted link, an attacker can carry out further attacks against the affected system, such as cross-site scripting, cache poisoning, and session hijacking. This vulnerability underscores the importance of secure link management and vigilant user education to prevent exploitation.

Affected Version(s)

Security Verify Privilege Vault 10.9.66

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
