ID

VAR-202201-0359


CVE

CVE-2021-38956


TITLE

Information leakage vulnerability in IBM Security Verify

Trust: 0.8

sources: JVNDB: JVNDB-2021-017523

DESCRIPTION

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038. The vendor has published this vulnerability as IBM X-Force ID: 212038. Information may be obtained. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication. IBM Security Verify has an information disclosure vulnerability that stems from the possible disclosure of sensitive version information in HTTP response headers, which could facilitate further attacks on the system.

Trust: 2.16

sources: NVD: CVE-2021-38956 // JVNDB: JVNDB-2021-017523 // CNNVD: CNNVD-202201-559

AFFECTED PRODUCTS

vendor: ibm, model: security verify access, scope: eq, version: 10.0.2.0

Trust: 1.8

vendor: ibm, model: security verify access, scope: eq, version: 10.0.1.0

Trust: 1.8

vendor: ibm, model: security verify access, scope: eq, version: 10.0.0

Trust: 1.8

vendor: ibm, model: security verify access, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017523 // NVD: CVE-2021-38956

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-38956
value: MEDIUM

Trust: 1.8

psirt@us.ibm.com: CVE-2021-38956
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202201-559
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-38956
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

psirt@us.ibm.com:
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2021-38956
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-017523 // NVD: CVE-2021-38956 // NVD: CVE-2021-38956 // CNNVD: CNNVD-202201-559

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.0

problemtype: information leak (CWE-200) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-017523 // NVD: CVE-2021-38956

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-559

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202201-559

CONFIGURATIONS

sources: NVD: CVE-2021-38956

PATCH

title: 6538418 IBM X-Force Exchange, url: https://www.ibm.com/support/pages/node/6538418

Trust: 0.8

title: IBM Security Verify Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177311

Trust: 0.6

sources: JVNDB: JVNDB-2021-017523 // CNNVD: CNNVD-202201-559

EXTERNAL IDS

db: NVD, id: CVE-2021-38956

Trust: 3.2

db: JVNDB, id: JVNDB-2021-017523

Trust: 0.8

db: CS-HELP, id: SB2022011038

Trust: 0.6

db: CNNVD, id: CNNVD-202201-559

Trust: 0.6

sources: JVNDB: JVNDB-2021-017523 // NVD: CVE-2021-38956 // CNNVD: CNNVD-202201-559

REFERENCES

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/212038

Trust: 1.6

url: https://www.ibm.com/support/pages/node/6538418

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-38956

Trust: 1.4

url: https://www.cybersecurity-help.cz/vdb/sb2022011038

Trust: 0.6

sources: JVNDB: JVNDB-2021-017523 // NVD: CVE-2021-38956 // CNNVD: CNNVD-202201-559

SOURCES

db: JVNDB, id: JVNDB-2021-017523
db: NVD, id: CVE-2021-38956
db: CNNVD, id: CNNVD-202201-559

LAST UPDATE DATE

2023-12-18T10:52:14.086000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-017523, date: 2023-01-24T06:14:00
db: NVD, id: CVE-2021-38956, date: 2022-01-13T20:34:22.247
db: CNNVD, id: CNNVD-202201-559, date: 2022-03-10T00:00:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-017523, date: 2023-01-24T00:00:00
db: NVD, id: CVE-2021-38956, date: 2022-01-10T14:10:20.593
db: CNNVD, id: CNNVD-202201-559, date: 2022-01-10T00:00:00