ID

VAR-202106-0517


CVE

CVE-2021-20585


TITLE

IBM Security Verify Access Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-001976

DESCRIPTION

IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398. The vendor has published this vulnerability as IBM X-Force ID: 199398. Information may be obtained. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies. There is an information disclosure vulnerability in IBM Security Verify Access version 20.07.

Trust: 2.79

sources: NVD: CVE-2021-20585 // JVNDB: JVNDB-2021-001976 // CNVD: CNVD-2021-39691 // CNNVD: CNNVD-202106-035 // VULMON: CVE-2021-20585

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-39691

AFFECTED PRODUCTS

vendor: ibm, model: security verify access, scope: eq, version: 20.07

Trust: 2.4

vendor: ibm, model: security verify access, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2021-39691 // JVNDB: JVNDB-2021-001976 // NVD: CVE-2021-20585

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20585
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2021-20585
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-20585
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-39691
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-035
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-20585
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-20585
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-39691
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

psirt@us.ibm.com: CVE-2021-20585
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2021-20585
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-39691 // VULMON: CVE-2021-20585 // JVNDB: JVNDB-2021-001976 // CNNVD: CNNVD-202106-035 // NVD: CVE-2021-20585 // NVD: CVE-2021-20585

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.0

problemtype: information leak (CWE-200) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-001976 // NVD: CVE-2021-20585

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-035

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202106-035

PATCH

title: 6457315 IBM X-Force Exchange, url: https://www.ibm.com/support/pages/node/6457315

Trust: 0.8

title: Patch for IBM Security Verify Access information disclosure vulnerability (CNVD-2021-39691), url: https://www.cnvd.org.cn/patchInfo/show/270206

Trust: 0.6

title: IBM Security Verify Access Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152868

Trust: 0.6

title: CVE-2021-20585, url: https://github.com/JamesGeeee/CVE-2021-20585

Trust: 0.1

sources: CNVD: CNVD-2021-39691 // VULMON: CVE-2021-20585 // JVNDB: JVNDB-2021-001976 // CNNVD: CNNVD-202106-035

EXTERNAL IDS

db: NVD, id: CVE-2021-20585

Trust: 3.1

db: JVNDB, id: JVNDB-2021-001976

Trust: 0.8

db: CNVD, id: CNVD-2021-39691

Trust: 0.6

db: CNNVD, id: CNNVD-202106-035

Trust: 0.6

db: VULMON, id: CVE-2021-20585

Trust: 0.1

sources: CNVD: CNVD-2021-39691 // VULMON: CVE-2021-20585 // JVNDB: JVNDB-2021-001976 // CNNVD: CNNVD-202106-035 // NVD: CVE-2021-20585

REFERENCES

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/199398

Trust: 1.7

url: https://www.ibm.com/support/pages/node/6457315

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-20585

Trust: 1.4

url: https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url: https://github.com/jamesgeeee/cve-2021-20585

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-39691 // VULMON: CVE-2021-20585 // JVNDB: JVNDB-2021-001976 // CNNVD: CNNVD-202106-035 // NVD: CVE-2021-20585

SOURCES

db: CNVD, id: CNVD-2021-39691
db: VULMON, id: CVE-2021-20585
db: JVNDB, id: JVNDB-2021-001976
db: CNNVD, id: CNNVD-202106-035
db: NVD, id: CVE-2021-20585

LAST UPDATE DATE

2024-08-14T14:38:00.615000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-39691, date: 2021-06-05T00:00:00
db: VULMON, id: CVE-2021-20585, date: 2021-06-04T00:00:00
db: JVNDB, id: JVNDB-2021-001976, date: 2021-07-06T08:12:00
db: CNNVD, id: CNNVD-202106-035, date: 2021-06-07T00:00:00
db: NVD, id: CVE-2021-20585, date: 2021-06-04T18:49:12.977

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-39691, date: 2021-06-05T00:00:00
db: VULMON, id: CVE-2021-20585, date: 2021-06-01T00:00:00
db: JVNDB, id: JVNDB-2021-001976, date: 2021-07-06T00:00:00
db: CNNVD, id: CNNVD-202106-035, date: 2021-06-01T00:00:00
db: NVD, id: CVE-2021-20585, date: 2021-06-01T14:15:08.663