Sign-up

ID

VAR-202106-0505


CVE

CVE-2021-20575


TITLE

IBM Security Verify Access  Vulnerability in insecure storage of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-007390

DESCRIPTION

IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. Vendor exploits this vulnerability IBM X-Force ID: 199278 Is published as.Information may be obtained. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. Attackers may use this vulnerability to obtain sensitive information

Trust: 2.25

sources: NVD: CVE-2021-20575 // JVNDB: JVNDB-2021-007390 // CNVD: CNVD-2021-39673 // VULHUB: VHN-378251

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-39673

AFFECTED PRODUCTS

vendor:ibmmodel:application gatewayscope: - version: -

Trust: 1.4

vendor:ibmmodel:security verify accessscope:eqversion:20.07

Trust: 1.0

vendor:ibmmodel:application gatewayscope:eqversion:1.0

Trust: 1.0

vendor:ibmmodel:security verify accessscope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2021-39673 // JVNDB: JVNDB-2021-007390 // NVD: CVE-2021-20575

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20575
value: LOW

Trust: 1.0

psirt@us.ibm.com: CVE-2021-20575
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-20575
value: LOW

Trust: 0.8

CNVD: CNVD-2021-39673
value: LOW

Trust: 0.6

CNNVD: CNNVD-202105-1990
value: LOW

Trust: 0.6

VULHUB: VHN-378251
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-20575
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-39673
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-378251
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-20575
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

psirt@us.ibm.com: CVE-2021-20575
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2021-20575
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-39673 // VULHUB: VHN-378251 // JVNDB: JVNDB-2021-007390 // CNNVD: CNNVD-202105-1990 // NVD: CVE-2021-20575 // NVD: CVE-2021-20575

PROBLEMTYPE DATA

problemtype:CWE-922

Trust: 1.0

problemtype:Insecure storage of important information (CWE-922) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-007390 // NVD: CVE-2021-20575

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1990

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202105-1990

PATCH

title:6457315 IBM X-Force Exchangeurl:https://www.ibm.com/support/pages/node/6457315

Trust: 0.8

sources: JVNDB: JVNDB-2021-007390

EXTERNAL IDS

db:NVDid:CVE-2021-20575

Trust: 3.9

db:JVNDBid:JVNDB-2021-007390

Trust: 0.8

db:CNNVDid:CNNVD-202105-1990

Trust: 0.7

db:CNVDid:CNVD-2021-39673

Trust: 0.6

db:VULHUBid:VHN-378251

Trust: 0.1

sources: CNVD: CNVD-2021-39673 // VULHUB: VHN-378251 // JVNDB: JVNDB-2021-007390 // CNNVD: CNNVD-202105-1990 // NVD: CVE-2021-20575

REFERENCES

url:https://www.ibm.com/support/pages/node/6457315

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/199278

Trust: 1.7

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-resolved-in-ibm-application-gateway-cve-2021-20576-cve-2021-20575-cve-2021-29665/

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20575

Trust: 0.8

sources: CNVD: CNVD-2021-39673 // VULHUB: VHN-378251 // JVNDB: JVNDB-2021-007390 // CNNVD: CNNVD-202105-1990 // NVD: CVE-2021-20575

SOURCES

db:CNVDid:CNVD-2021-39673
db:VULHUBid:VHN-378251
db:JVNDBid:JVNDB-2021-007390
db:CNNVDid:CNNVD-202105-1990
db:NVDid:CVE-2021-20575

LAST UPDATE DATE

2024-08-14T13:43:31.982000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-39673date:2021-07-06T00:00:00
db:VULHUBid:VHN-378251date:2021-06-07T00:00:00
db:JVNDBid:JVNDB-2021-007390date:2022-02-09T09:07:00
db:CNNVDid:CNNVD-202105-1990date:2021-06-08T00:00:00
db:NVDid:CVE-2021-20575date:2021-06-07T15:40:54.940

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-39673date:2021-06-05T00:00:00
db:VULHUBid:VHN-378251date:2021-06-01T00:00:00
db:JVNDBid:JVNDB-2021-007390date:2022-02-09T00:00:00
db:CNNVDid:CNNVD-202105-1990date:2021-05-28T00:00:00
db:NVDid:CVE-2021-20575date:2021-06-01T14:15:08.593