CVE-2021-20566

7.5 HIGH

📋 TL;DR

CVE-2021-20566 is a cryptographic weakness in IBM Resilient SOAR V38.0: the product uses weak encryption algorithms, so an attacker who obtains the ciphertext may be able to decrypt sensitive information. This affects organizations that use IBM Resilient SOAR for security orchestration and incident response, potentially exposing confidential security data and incident details.

💻 Affected Systems

Products:
  • IBM Resilient SOAR
Versions: V38.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments of IBM Resilient SOAR V38.0 regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of encrypted sensitive data, including security incident details, credentials, and confidential organizational information, leading to a data breach and operational disruption.

🟠 Likely Case

Partial decryption of sensitive security data, potentially exposing incident response details and security operations information.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, though the encrypted data itself remains vulnerable to decryption attempts.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to the encrypted data and the cryptographic analysis capability to break the weak algorithm.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V38.0.1 and later

Vendor Advisory: https://www.ibm.com/support/pages/node/6464043

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Download IBM Resilient SOAR V38.0.1 or later from IBM Fix Central.
3. Apply the update following IBM's installation guide.
4. Restart the Resilient SOAR services.
5. Verify that the update was successful.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate IBM Resilient SOAR systems from untrusted networks to limit the attack surface.

Access Control Enhancement (applies to: all)

Implement strict access controls and monitoring for Resilient SOAR systems.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Resilient SOAR from untrusted networks
  • Enhance monitoring and logging for unusual access patterns to encrypted data

🔍 How to Verify

Check if Vulnerable:

Check the IBM Resilient SOAR version via the administration console or by running the 'resilient version' command.

Check Version:

resilient version

Verify Fix Applied:

Verify that the version is V38.0.1 or later, and check the IBM advisory for any product-specific fix verification steps.
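The version check above can be scripted for fleet-wide verification. The following is an added example, not code from IBM or from this advisory; it assumes that the 'resilient version' command mentioned above prints a dotted version string somewhere in its output (the exact output format is an assumption), and it compares the parsed version against the fixed version V38.0.1 named in this advisory. Only V38.0 is listed as affected, so the check distinguishes "affected" from "fix applied" rather than treating every older build as vulnerable.

```python
import re
import shutil
import subprocess

# Versions taken from this advisory: V38.0 is affected, V38.0.1 and later carry the fix.
AFFECTED_VERSION = (38, 0)
FIXED_VERSION = (38, 0, 1)


def parse_version(text):
    """Extract the first dotted version number from text such as 'V38.0' or
    'Resilient version 38.0.1' and return it as a tuple of ints, or None."""
    match = re.search(r"(\d+(?:\.\d+)*)", text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def _pad(version, length):
    # Right-pad with zeros so (38, 0) and (38, 0, 0) compare as equal.
    return tuple(version) + (0,) * (length - len(version))


def compare(a, b):
    """Return -1, 0 or 1 comparing two version tuples of possibly different length."""
    n = max(len(a), len(b))
    pa, pb = _pad(a, n), _pad(b, n)
    return (pa > pb) - (pa < pb)


def fix_applied(version_text):
    """True when the reported version is V38.0.1 or later (the advisory's fix criterion)."""
    version = parse_version(version_text)
    if version is None:
        raise ValueError("no version number found in: %r" % version_text)
    return compare(version, FIXED_VERSION) >= 0


def affected(version_text):
    """True only for the version this advisory lists as affected (V38.0, i.e. 38.0.0)."""
    version = parse_version(version_text)
    if version is None:
        raise ValueError("no version number found in: %r" % version_text)
    return compare(version, AFFECTED_VERSION) == 0


def check_installed(command=("resilient", "version")):
    """Run the version command (assumed CLI) and classify the host.
    Returns 'fixed', 'affected', 'other' or 'unknown' (command missing/failed)."""
    if shutil.which(command[0]) is None:
        return "unknown"
    try:
        output = subprocess.run(command, capture_output=True, text=True,
                                timeout=30, check=False).stdout
    except (OSError, subprocess.TimeoutExpired):
        return "unknown"
    if parse_version(output) is None:
        return "unknown"
    if fix_applied(output):
        return "fixed"
    if affected(output):
        return "affected"
    return "other"


if __name__ == "__main__":
    # Constructed sample outputs, not real command output.
    for sample in ("V38.0", "V38.0.1", "Resilient version 38.1", "37.2"):
        print("%-28s fix_applied=%-5s affected=%s"
              % (sample, fix_applied(sample), affected(sample)))
    print("this host:", check_installed())
```

Run it on each SOAR node (or feed it the version string exported from the administration console); a result of "affected" means the host still needs the V38.0.1 update, while "other" flags a version the advisory does not describe and that should be checked against IBM's notice directly.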

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to encrypted data stores
  • Multiple failed decryption attempts
  • Unauthorized access to Resilient SOAR systems

Network Indicators:

  • Unusual outbound traffic from Resilient SOAR systems
  • Traffic patterns suggesting data exfiltration

SIEM Query:

source="resilient_soar" AND (event_type="data_access" OR event_type="encryption_error")
