Vulnerability Details : CVE-2021-20410
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190.
Products affected by CVE-2021-20410
- cpe:2.3:a:ibm:security_verify_information_queue:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_verify_information_queue:1.0.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-20410
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-20410
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.5
|
LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
6.8
|
2.9
|
NIST | |
|
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.6
|
3.6
|
IBM Corporation | |
|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.6
|
3.6
|
NIST |
CWE ids for CVE-2021-20410
-
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-20410
-
https://www.ibm.com/support/pages/node/6414773
Security Bulletin: IBM Security Verify Information Queue does not hide the InfluxDB credentials when setting up the logs stack (CVE-2021-20410)Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/196190
Vulnerability ReportVDB Entry;Vendor Advisory
Jump to