Rewterz Threat Advisory – Multiple IBM Security Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-29677

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2021-29676

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking

CVE-2021-20583

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation.. 

CVE-2020-4610

IBM Security Sevret Server (IBM Security Verify Privilege Manager 10.8.2 ) could allow a local user to execute code due to improper integrity checks.

CVE-2020-4609

IBM Security Sevret Server (IBM Security Verify Privilege Manager 10.8.2) is vulnerable to a buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.

Impact

• Cross-site scripting
• Credential Theft
• Code Execution
• Unauthorized Access

Affected Vendors

IBM

Affected Products

• IBM Security Verify Privilege Vault 10.9.66
• IBM Security Verify Privilege Manager 10.8.2

Remediation

Refer to IBM Security Bulletin 6467045 for patch, upgrade or suggested workaround information.

https://www.ibm.com/support/pages/node/6467045