Link Injection Vulnerability in IBM Security Verify Product
CVE-2021-29676

4.6MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Privilege Vault
Vendor: CVE Published:; 25 June 2021

Summary

IBM Security Verify Privilege Vault 10.9.66 is susceptible to a link injection vulnerability that allows remote attackers to manipulate URLs. By luring a victim to click on a maliciously crafted link, attackers can execute various harmful actions on the compromised system, such as cross-site scripting attacks, cache poisoning, and session hijacking. This vulnerability underscores the importance of secure link management and vigilant user education to prevent exploitation.

Affected Version(s)

Security Verify Privilege Vault 10.9.66

References

https://www.ibm.com/support/pages/node/6467045

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/199575

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2021
Vulnerability Reserved
Mar 31, 2021