PT-2022-5287 · IBM · IBM Host Access Transformation Services
Published: 2022-10-28 · Updated: 2024-03-19 · CVE-2021-38938
CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Host Access Transformation Services (HATS) versions 9.6 through 9.6.1.4
IBM Host Access Transformation Services (HATS) versions 9.7 through 9.7.0.3
Description
The issue is the storage of user credentials in clear text, where they can be read by a local user. This can allow an attacker to gain unauthorized access to protected information.
Recommendations
For versions 9.6 through 9.6.1.4, update to a version that stores user credentials securely.
For versions 9.7 through 9.7.0.3, update to a version that stores user credentials securely.
As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Cleartext Storage of Sensitive Information
Affected Products
IBM Host Access Transformation Services