CVE-2021-38911

Severity
4.9 MEDIUM
EPSS
0.1%
top 76.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 19
Latest update: May 24

Description

IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by an authenticated privileged user. IBM X-Force ID: 209940.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages: 2 packages

Patches

Vulnerability Details

2
GHSA
GHSA-xc25-8vc3-w5p6: IBM Security Risk Manager on CP4S 1 (2022-05-24)
CVEList
CVE-2021-38911: IBM Security Risk Manager on CP4S 1 (2021-10-19)