Lucene search
IBMB1E5248EB6CC590867621151F09906F3625311B780EC1C010E090C146CD85F20HistoryNov 23, 2021 - 4:14 a.m.
Security Bulletin: Weak Cryptographic Control Vulnerability Affects IBM Sterling Connect:Direct Web Services (CVE-2021-38891)
2021-11-2304:14:41
www.ibm.com
11
ibm sterling connect:direct
weak cryptographic control
vulnerability
ibm connect:direct
web services
cve-2021-38891
EPSS
0.001
Percentile
43.9%
Summary
IBM Sterling Connect:Direct Web Services used weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The vulnerability has been addressed.
Vulnerability Details
CVEID:CVE-2021-38891
**DESCRIPTION:**IBM Sterling Connect:Direct Web Services uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209508 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Sterling Connect Direct Web Services | 1.0 |
| IBM Connect:Direct Web Services | 6.0 |
Remediation/Fixes
Apply 6.2.0.1, available on Fix Central
Workarounds and Mitigations
None
Related
cvelist
cvelist
CVE-2021-38891
2021-11-23 19:15:34
prion
prion
Code injection
2021-11-23 20:15:00
nvd
nvd
CVE-2021-38891
2021-11-23 20:15:11
cve
cve
CVE-2021-38891
2021-11-23 20:15:11
EPSS
0.001
Percentile
43.9%
Related for B1E5248EB6CC590867621151F09906F3625311B780EC1C010E090C146CD85F20