Sign-up

ID

VAR-202202-1031


CVE

CVE-2021-39070


TITLE

IBM Security Verify Access  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-018290

DESCRIPTION

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353. Vendor exploits this vulnerability IBM X-Force ID: 215353 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 2.16

sources: NVD: CVE-2021-39070 // JVNDB: JVNDB-2021-018290 // CNNVD: CNNVD-202202-135

AFFECTED PRODUCTS

vendor:ibmmodel:security verify access dockerscope:eqversion:10.0.0

Trust: 1.0

vendor:ibmmodel:security verify accessscope:eqversion:10.0.2.0

Trust: 1.0

vendor:ibmmodel:security verify access dockerscope:eqversion:10.0.1.0

Trust: 1.0

vendor:ibmmodel:security verify accessscope:eqversion:10.0.1.0

Trust: 1.0

vendor:ibmmodel:security verify access dockerscope:eqversion:10.0.2.0

Trust: 1.0

vendor:ibmmodel:security verify accessscope:eqversion:10.0.0

Trust: 1.0

vendor:ibmmodel:security verify accessscope: - version: -

Trust: 0.8

vendor:ibmmodel:security verify access dockerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-018290 // NVD: CVE-2021-39070

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-39070
value: CRITICAL

Trust: 1.8

psirt@us.ibm.com: CVE-2021-39070
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202202-135
value: CRITICAL

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-39070
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@us.ibm.com:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2021-39070
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-018290 // NVD: CVE-2021-39070 // NVD: CVE-2021-39070 // CNNVD: CNNVD-202202-135

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-018290 // NVD: CVE-2021-39070

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-135

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-135

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-39070

PATCH
title:6552318 IBM X-Force Exchangeurl:https://www.ibm.com/support/pages/node/6552318
Trust: 0.8
title:IBM Security Verify Access Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180228
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-018290 // 
            
            
            
            CNNVD: CNNVD-202202-135

EXTERNAL IDS
db:NVDid:CVE-2021-39070
Trust: 3.2
db:JVNDBid:JVNDB-2021-018290
Trust: 0.8
db:CNNVDid:CNNVD-202202-135
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-018290 // 
            
            
            
            NVD: CVE-2021-39070 // 
            
            
            
            CNNVD: CNNVD-202202-135

REFERENCES
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/215353
Trust: 1.6
url:https://www.ibm.com/support/pages/node/6552318
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2021-39070
Trust: 1.4
sources:
            
            
            JVNDB: JVNDB-2021-018290 // 
            
            
            
            NVD: CVE-2021-39070 // 
            
            
            
            CNNVD: CNNVD-202202-135

SOURCES
db:JVNDBid:JVNDB-2021-018290
db:NVDid:CVE-2021-39070
db:CNNVDid:CNNVD-202202-135

LAST UPDATE DATE
2023-12-18T13:51:14.193000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2021-018290date:2023-05-08T06:23:00
db:NVDid:CVE-2021-39070date:2022-07-12T17:42:04.277
db:CNNVDid:CNNVD-202202-135date:2022-07-14T00:00:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2021-018290date:2023-05-08T00:00:00
db:NVDid:CVE-2021-39070date:2022-02-02T12:15:08.140
db:CNNVDid:CNNVD-202202-135date:2022-02-02T00:00:00