ID

VAR-202106-0506


CVE

CVE-2021-20576


TITLE

Vulnerability in IBM Security Verify Access

Trust: 0.8

sources: JVNDB: JVNDB-2021-001973

DESCRIPTION

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. IBM Security Verify Access contains an unspecified vulnerability. It may be put into a denial of service (DoS) state. IBM Application Gateway is an application gateway of IBM Corporation in the United States. It provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. An information disclosure vulnerability exists in IBM Application Gateway. The vulnerability stems from the fact that the program allows web pages to be stored locally for other users on the system to read. Attackers may use this vulnerability to obtain sensitive information.

Trust: 2.25

sources: NVD: CVE-2021-20576 // JVNDB: JVNDB-2021-001973 // CNVD: CNVD-2021-39673 // VULHUB: VHN-378252

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-39673

AFFECTED PRODUCTS

vendor: ibm, model: security verify access, scope: eq, version: 20.07

Trust: 1.8

vendor: ibm, model: application gateway, scope: eq, version: 1.0

Trust: 1.0

vendor: ibm, model: security verify access, scope: eq, version: -

Trust: 0.8

vendor: ibm, model: application gateway, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2021-39673 // JVNDB: JVNDB-2021-001973 // NVD: CVE-2021-20576

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20576
value: HIGH

Trust: 1.0

psirt@us.ibm.com: CVE-2021-20576
value: HIGH

Trust: 1.0

NVD: CVE-2021-20576
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-39673
value: LOW

Trust: 0.6

CNNVD: CNNVD-202105-1991
value: HIGH

Trust: 0.6

VULHUB: VHN-378252
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-20576
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-39673
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-378252
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

psirt@us.ibm.com: CVE-2021-20576
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2021-20576
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-39673 // VULHUB: VHN-378252 // JVNDB: JVNDB-2021-001973 // CNNVD: CNNVD-202105-1991 // NVD: CVE-2021-20576 // NVD: CVE-2021-20576

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-001973 // NVD: CVE-2021-20576

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1991

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202105-1991

PATCH

title: 6457315 IBM X-Force Exchange, url: https://www.ibm.com/support/pages/node/6457315

Trust: 0.8

sources: JVNDB: JVNDB-2021-001973

EXTERNAL IDS

db: NVD, id: CVE-2021-20576

Trust: 3.1

db: JVNDB, id: JVNDB-2021-001973

Trust: 0.8

db: CNNVD, id: CNNVD-202105-1991

Trust: 0.7

db: CNVD, id: CNVD-2021-39673

Trust: 0.6

db: VULHUB, id: VHN-378252

Trust: 0.1

sources: CNVD: CNVD-2021-39673 // VULHUB: VHN-378252 // JVNDB: JVNDB-2021-001973 // CNNVD: CNNVD-202105-1991 // NVD: CVE-2021-20576

REFERENCES

url: https://www.ibm.com/support/pages/node/6457315

Trust: 1.7

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/199280

Trust: 1.7

url: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-resolved-in-ibm-application-gateway-cve-2021-20576-cve-2021-20575-cve-2021-29665/

Trust: 1.2

url: https://nvd.nist.gov/vuln/detail/cve-2021-20576

Trust: 0.8

sources: CNVD: CNVD-2021-39673 // VULHUB: VHN-378252 // JVNDB: JVNDB-2021-001973 // CNNVD: CNNVD-202105-1991 // NVD: CVE-2021-20576

SOURCES

db: CNVD, id: CNVD-2021-39673
db: VULHUB, id: VHN-378252
db: JVNDB, id: JVNDB-2021-001973
db: CNNVD, id: CNNVD-202105-1991
db: NVD, id: CVE-2021-20576

LAST UPDATE DATE

2024-08-14T13:43:31.954000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-39673, date: 2021-07-06T00:00:00
db: VULHUB, id: VHN-378252, date: 2021-06-04T00:00:00
db: JVNDB, id: JVNDB-2021-001973, date: 2021-07-06T08:12:00
db: CNNVD, id: CNNVD-202105-1991, date: 2021-06-07T00:00:00
db: NVD, id: CVE-2021-20576, date: 2021-06-04T18:29:45.303

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-39673, date: 2021-06-05T00:00:00
db: VULHUB, id: VHN-378252, date: 2021-06-01T00:00:00
db: JVNDB, id: JVNDB-2021-001973, date: 2021-07-06T00:00:00
db: CNNVD, id: CNNVD-202105-1991, date: 2021-05-28T00:00:00
db: NVD, id: CVE-2021-20576, date: 2021-06-01T14:15:08.630