PT-2021-3236 · Ibm · Ibm Security Verify Access

Chris Shepherd

Published

2021-05-31

Updated

2021-06-07

CVE-2021-20575

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Security Verify Access version 20.07

Description The issue is related to the storage of web pages locally, which can be accessed by another user on the system. This is due to the insecure storage of confidential information. Exploitation of this issue may allow an attacker to gain unauthorized access to protected information.

Recommendations For IBM Security Verify Access version 20.07, consider implementing access controls to restrict unauthorized users from reading locally stored web pages until a fix is available. As a temporary workaround, restrict access to sensitive information stored locally to minimize the risk of exploitation.

Fix

Insecure Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-922

Related Identifiers

BDU:2021-02948

CVE-2021-20575

Affected Products

Ibm Security Verify Access

PT-2021-3236 · Ibm · Ibm Security Verify Access

CVE-2021-20575

Weakness Enumeration

Related Identifiers

Affected Products

References · 7