CVE-2021-20439

7.5 HIGH

📋 TL;DR

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 store user credentials in plain text, allowing unauthorized users to read sensitive authentication data. This affects organizations using these specific IBM security products with default or vulnerable configurations.

💻 Affected Systems

Products:
  • IBM Security Access Manager
  • IBM Security Verify Access Docker
Versions: IBM Security Access Manager 9.0, IBM Security Verify Access Docker 10.0.0
Operating Systems: Linux (Docker container)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Docker container deployments of IBM Security Verify Access; traditional deployments may have different storage mechanisms.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative access to the security system, compromising all protected resources and potentially pivoting to other systems using stolen credentials.

🟠

Likely Case

Unauthorized users access credential files and use them for privilege escalation or lateral movement within the network.

🟢

If Mitigated

With proper access controls and monitoring, credential theft is detected before exploitation, limiting impact to isolated systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to credential storage locations but doesn't require special tools or advanced techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: IBM Security Access Manager 9.0.7.1 and later, IBM Security Verify Access Docker 10.0.0.1 and later

Vendor Advisory: https://www.ibm.com/support/pages/node/6471903

Restart Required: Yes

Instructions:

1. Download the latest fix pack from IBM Fix Central.
2. Apply the fix following IBM's installation guide.
3. Restart affected services.
4. Verify credentials are now encrypted.

🔧 Temporary Workarounds

Restrict File Access

linux

Apply strict file permissions to credential storage locations to prevent unauthorized read access.

chmod 600 /path/to/credential/files
chown root:root /path/to/credential/files
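A small audit script, added here as an example and not taken from IBM's documentation, that checks whether this workaround is actually in place: it lists every file in a given directory whose mode grants any group or other access, or whose owner differs from the expected account. The directory and the sample files it builds are constructed for the demonstration; it assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Audit a credential directory for files that are readable beyond their owner
# (any group/other bit set) or owned by someone other than the expected account.
# Prints "path mode owner" for each offending file; returns 1 if any were found.
audit_credential_perms() {
    dir="$1"
    expected_owner="${2:-root}"   # default matches the chown root:root workaround
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")     # octal mode, e.g. 600 or 644 (GNU stat)
        owner=$(stat -c '%U' "$f")
        # 077 masks the group and other bits; non-zero means the file leaks past the owner.
        if [ $((0$mode & 077)) -ne 0 ] || [ "$owner" != "$expected_owner" ]; then
            echo "$f $mode $owner"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample: one correctly locked-down file and one left at 644.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'constructed-secret\n' > "$d/good.conf"
    chmod 600 "$d/good.conf"
    printf 'constructed-secret\n' > "$d/bad.conf"
    chmod 644 "$d/bad.conf"
    echo "$d"
}

# Stand-alone run: audit the sample directory as the current user.
sample=$(make_sample_dir)
audit_credential_perms "$sample" "$(id -un)" || echo "audit: offending files found above"
```

Run it against the real credential directory with the account the files should belong to; a non-zero exit means the workaround is incomplete.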

Network Segmentation

all

Isolate affected systems from untrusted networks and limit access to authorized administrators only.

🧯 If You Can't Patch

  • Implement strict access controls and monitoring on credential storage directories
  • Rotate all credentials stored in the vulnerable systems immediately

🔍 How to Verify

Check if Vulnerable:

Check if credential files in the application's data directory contain plain text passwords or authentication tokens.

Check Version:

docker inspect <container_name> | grep -i version

Verify Fix Applied:

Verify that credential files are now encrypted or hashed, and test authentication still works properly.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to credential storage directories
  • Failed authentication attempts followed by successful logins with previously stored credentials

Network Indicators:

  • Unusual authentication patterns or credential reuse across systems

SIEM Query:

source="*access_manager*" AND (event="file_access" OR event="authentication") AND (file_path="*credential*" OR file_path="*password*")
