CVE-2021-38969

CWE-798Hard-coded Credentials3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.2%
top 59.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Spectrum Virtualize
Timeline
PublishedMay 11
Latest updateMay 12

Description

IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/spectrum_virtualize8.2, 8.3, 8.4+2
NVDibm/spectrum_virtualize8.2.0.0, 8.3.0.0, 8.4.0.0+2

🔴Vulnerability Details

2
GHSA
GHSA-p8c8-w89w-gvv5: IBM Spectrum Virtualize 82022-05-12
CVEList
CVE-2021-38969: IBM Spectrum Virtualize 82022-05-11
CVE-2021-38969 (CRITICAL CVSS 9.8) | IBM Spectrum Virtualize 8.2 | cvebase.io