Authentication Bypass Vulnerability in IBM Security Verify Access
CVE-2021-39070

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Security Verify Access; Security Verify Access Docker
Vendor: CVE Published:; 2 February 2022

Summary

A vulnerability exists in IBM Security Verify Access versions 10.0.0.0, 10.0.1.0, and 10.0.2.0 that allows attackers with the advanced access control authentication service enabled to authenticate as any user. This vulnerability poses serious security risks as it circumvents normal authentication processes, potentially allowing unauthorized access to sensitive data and systems. Organizations using these versions should promptly assess their configurations and implement appropriate mitigations.

References

https://www.ibm.com/support/pages/node/6552318

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/215353

vdb-entryx_refsource_XF

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2022
Vulnerability Reserved
Aug 16, 2021