IBM Security Verify 10.0.0/10.0.1.0/10.0.2.0 Web UI cross site scripting

Summaryinfo

A vulnerability labeled as problematic has been found in IBM Security Verify 10.0.0/10.0.1.0/10.0.2.0. This impacts an unknown function of the component Web UI. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2021-38895. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in IBM Security Verify 10.0.0/10.0.1.0/10.0.2.0. It has been rated as problematic. Affected by this issue is an unknown part of the component Web UI. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the problem leads to CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Impacted is integrity.

The weakness was released 01/10/2022. The advisory is shared for download at ibm.com. This vulnerability is handled as CVE-2021-38895 since 08/16/2021. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1059.007.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (209563). Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• IBM

Name

• Security Verify

Version

• 10.0.0
• 10.0.1.0
• 10.0.2.0

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion