Credential Storage Vulnerability in IBM Data Risk Manager
CVE-2021-38915

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Data Risk Manager
Vendor
CVE Published:
12 October 2021

Summary

IBM Data Risk Manager version 2.0.6 has a security issue where user credentials are stored in plain text, making them accessible to any authenticated user. This vulnerability highlights significant risks in credential management, exposing sensitive information that could lead to unauthorized access and data breaches.

Affected Version(s)

Data Risk Manager 2.0.6

References

https://www.ibm.com/support/pages/node/6497499
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/209947
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.