
Rewterz Threat Advisory – Multiple IBM Security Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-29677

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVE-2021-29676

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

CVE-2021-20583

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation.

CVE-2020-4610

IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) could allow a local user to execute code due to improper integrity checks.

CVE-2020-4609

IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) is vulnerable to a buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.

Impact

  • Cross-site scripting
  • Credential Theft
  • Code Execution
  • Unauthorized Access

Affected Vendors

IBM

Affected Products

  • IBM Security Verify Privilege Vault 10.9.66
  • IBM Security Verify Privilege Manager 10.8.2

Remediation

Refer to IBM Security Bulletin 6467045 for patch, upgrade or suggested workaround information.

https://www.ibm.com/support/pages/node/6467045