← Back

CVE-2021-20410

nvd nist
Published: Feb 12, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.6 / Impact: 3.6
Source: NVD

Description

IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190.

Affected (2)

Ibm
1 product
Security Verify Information Queue
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ibm
Security Verify Information Queue
Version 1.0.6
Security Verify Information Queue
Version 1.0.7
Running on/withPlatform Versions
Linux
Linux Kernel
All versions

Related CWEs

CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: psirt@us.ibm.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.