Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2021-20442, CVE-2021-20441 |
CWE-ID | CWE-798, CWE-310 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | IBM Security Verify Bridge (Server applications / Other server solutions) |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU51265
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-20442
CWE-ID: CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the presence of hard-coded credentials in application code. A remote unauthenticated attacker can gain access to sensitive information on the target system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
IBM Security Verify Bridge: All versions
External links
https://exchange.xforce.ibmcloud.com/vulnerabilities/196618
https://www.ibm.com/support/pages/node/6421025
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51266
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-20441
CWE-ID: CWE-310 - Cryptographic Issues
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the affected software uses weaker than expected cryptographic algorithms. A remote attacker can decrypt highly sensitive information.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
IBM Security Verify Bridge: All versions
External links
https://exchange.xforce.ibmcloud.com/vulnerabilities/196617
https://www.ibm.com/support/pages/node/6421023
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.