Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA94B4ADE321B77798678CA481E3978FB70EADA991BDF74F43B18A52C13A4182F
HistorySep 13, 2021 - 4:04 p.m.

Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Vault

2021-09-1316:04:16
www.ibm.com
17
ibm security verify privilege vault
ibm security secret server
vulnerabilities
improper input validation
sensitive information
url parameters
information disclosure
error messages
upgrade
ibm
release 11.0

EPSS

0.001

Percentile

32.8%

JSON

Summary

Multiple vulnerabilities identified in IBM Security Verify Privilege Vault previously known as IBM Security Secret Server have been addressed in the release 11.0.

Vulnerability Details

CVEID:CVE-2021-20569
**DESCRIPTION:**IBM Security Verify Privilege could allow an attacker to enumerate usernames due to improper input validation.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199243 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2021-20582
**DESCRIPTION:**IBM Security Verify stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199328 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2021-20508
**DESCRIPTION:**IBM Security Verify could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199322 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2020-5419
**DESCRIPTION:**VMware RabbitMQ could allow a local authenticated attacker to execute arbitrary code on the system, caused by a Windows-specific binary planting security flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187523 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

All versions of IBM Security Secret Server prior to 11.0

Remediation/Fixes

Upgrade to the latest release available here.

Workarounds and Mitigations

None

Related

cvelist 4
cnvd 3
prion 4
cve 4
nvd 4
osv 2
debiancve 1
ubuntucve 1
cvelist
cvelist
CVE-2021-20508
2021-09-14 13:25:22
CVE-2021-20582
2021-09-14 13:25:26
CVE-2020-5419 RabbitMQ arbitrary code execution using local binary planting
2020-08-31 15:05:20
cnvd
cnvd
IBM Security Secret Server Information Disclosure Vulnerability (CNVD-2022-05088)
2021-09-16 00:00:00
IBM Security Secret Server Information Disclosure Vulnerability (CNVD-2022-05090)
2021-09-16 00:00:00
IBM Security Secret Server Information Disclosure Vulnerability (CNVD-2022-05089)
2021-09-16 00:00:00
prion
prion
Information disclosure
2021-09-14 14:15:00
Information disclosure
2021-09-14 14:15:00
Input validation
2021-09-14 14:15:00
cve
cve
CVE-2021-20508
2021-09-14 14:15:09
CVE-2021-20582
2021-09-14 14:15:09
CVE-2020-5419
2020-08-31 15:15:11
nvd
nvd
CVE-2021-20508
2021-09-14 14:15:09
CVE-2021-20582
2021-09-14 14:15:09
CVE-2020-5419
2020-08-31 15:15:11
osv
osv
CVE-2020-5419
2020-08-31 15:15:11
BIT-rabbitmq-2020-5419
2024-03-06 11:04:02
debiancve
debiancve
CVE-2020-5419
2020-08-31 15:15:11
ubuntucve
ubuntucve
CVE-2020-5419
2020-08-31 00:00:00

EPSS

0.001

Percentile

32.8%

JSON
Related for A94B4ADE321B77798678CA481E3978FB70EADA991BDF74F43B18A52C13A4182F
cvelist4cnvd3prion4cve4nvd4osv2debiancve1ubuntucve1