CVE-2021-20576
📋 TL;DR
CVE-2021-20576 is a denial-of-service vulnerability in IBM Security Verify Access 20.07 where a remote attacker can send a specially crafted HTTP GET request to crash the application. This affects organizations running IBM Security Verify Access 20.07 without proper patching.
💻 Affected Systems
- IBM Security Verify Access
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete service outage of IBM Security Verify Access, disrupting authentication and access management for all dependent applications.
Likely Case
Temporary service disruption requiring manual restart of affected components, potentially causing authentication failures for users.
If Mitigated
Minimal impact with proper network segmentation and monitoring allowing quick detection and response.
🎯 Exploit Status
Exploitation requires sending a specially crafted HTTP GET request, which is relatively simple to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply fix pack 20.07.0.1 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/6457315
Restart Required: Yes
Instructions:
1. Download fix pack 20.07.0.1 or later from IBM Fix Central.
2. Apply the fix pack following IBM's installation instructions.
3. Restart IBM Security Verify Access services.
🔧 Temporary Workarounds
Network Filtering
Implement network filtering to block suspicious HTTP GET requests to IBM Security Verify Access endpoints.
🧯 If You Can't Patch
- Implement strict network access controls to limit HTTP traffic to IBM Security Verify Access from trusted sources only.
- Deploy web application firewall (WAF) rules to detect and block suspicious HTTP GET request patterns.
🔍 How to Verify
Check if Vulnerable:
Check if IBM Security Verify Access version is exactly 20.07 without fix pack 20.07.0.1 or later applied.
Check Version:
Check version through IBM Security Verify Access administrative console or configuration files.
Verify Fix Applied:
Verify that IBM Security Verify Access version shows 20.07.0.1 or later after applying the fix pack.
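The version check above, as an added example that is not part of this advisory or of IBM's tooling: it encodes the rule "20.07 without fix pack 20.07.0.1 or later is vulnerable" as a function you can run against the version string read from the administrative console or configuration files. The assumption is that the version string is dotted-numeric (e.g. `20.07`, `20.07.0.1`) and that any 20.07 build below 20.07.0.1 counts as unpatched; releases other than 20.07 are reported as not affected because the advisory names only that release.

```python
# Added example, not IBM's own tooling. Assumes a dotted-numeric version
# string such as "20.07" or "20.07.0.1" as shown in the advisory text.

AFFECTED_RELEASE = (20, 7)        # the advisory names only 20.07
FIXED_VERSION = (20, 7, 0, 1)     # fix pack 20.07.0.1 closes the issue


def parse_version(text):
    """Turn '20.07.0.1' into (20, 7, 0, 1); raise ValueError on junk."""
    parts = text.strip().split(".")
    if not parts or any(not p.isdigit() for p in parts):
        raise ValueError("version must be dotted-numeric, got %r" % text)
    return tuple(int(p) for p in parts)


def is_vulnerable_cve_2021_20576(version):
    """True when the product is 20.07 and below fix pack 20.07.0.1."""
    v = parse_version(version)
    if v[:2] != AFFECTED_RELEASE:
        return False
    # Pad short strings ("20.07" -> 20.07.0.0) so the tuple compare is fair.
    padded = v + (0,) * (len(FIXED_VERSION) - len(v))
    return padded[:len(FIXED_VERSION)] < FIXED_VERSION


if __name__ == "__main__":
    for sample in ("20.07", "20.07.0.0", "20.07.0.1", "20.07.1.0", "10.0.7"):
        print(sample, "vulnerable" if is_vulnerable_cve_2021_20576(sample) else "not affected")
```

Feed it the exact string the console reports; a bare `20.07` is treated as 20.07.0.0 and therefore flagged.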
📡 Detection & Monitoring
Log Indicators:
- Unexpected application crashes or restarts in IBM Security Verify Access logs
- HTTP GET requests with unusual patterns or parameters
Network Indicators:
- Multiple HTTP GET requests to IBM Security Verify Access endpoints from single sources
- HTTP traffic patterns matching known exploit signatures
SIEM Query:
source="ibm_verify_access" AND (event_type="crash" OR event_type="restart")
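The log and network indicators above, as an added example that is not part of this advisory: it runs the two indicators (a crash or restart event, and many HTTP GET requests from a single source shortly before it) over a few constructed log lines and reports each crash/restart together with the sources that were bursting in the minute before. The line format (`timestamp key=value ...`), the field names `src`, `method`, `event_type`, the `/login` path and the IP addresses are all constructed for the example; they are not IBM Security Verify Access's real log format, so the parser is the part you would swap for your own.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. The key=value layout, field names, path and
# addresses are assumptions for this example, not the product's real format.
SAMPLE_LOG = """\
2021-06-01T10:00:01Z src=203.0.113.5 method=GET path=/login status=200
2021-06-01T10:00:02Z src=203.0.113.5 method=GET path=/login status=200
2021-06-01T10:00:02Z src=203.0.113.5 method=GET path=/login status=200
2021-06-01T10:00:03Z src=203.0.113.5 method=GET path=/login status=200
2021-06-01T10:00:03Z src=203.0.113.5 method=GET path=/login status=200
2021-06-01T10:00:04Z src=203.0.113.5 method=GET path=/login status=200
2021-06-01T10:00:05Z event_type=crash component=runtime
2021-06-01T10:00:09Z event_type=restart component=runtime
2021-06-01T10:00:30Z src=198.51.100.7 method=GET path=/login status=200
2021-06-01T10:01:30Z src=198.51.100.7 method=GET path=/login status=200
"""


def parse_line(line):
    """Parse 'timestamp k=v k=v' into a dict; return None for blank lines."""
    ts_text, _, rest = line.strip().partition(" ")
    if not rest:
        return None
    fields = dict(re.findall(r"(\w+)=(\S+)", rest))
    fields["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def get_bursts(events, window=timedelta(seconds=10), threshold=5):
    """Return {src: peak GET count inside any `window`} for sources at or above threshold."""
    per_src = defaultdict(list)
    for e in events:
        if e.get("method") == "GET" and "src" in e:
            per_src[e["src"]].append(e["ts"])
    bursts = {}
    for src, stamps in per_src.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):        # sliding window over sorted times
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[src] = peak
    return bursts


def crash_or_restart(events):
    """The log indicator: crash/restart events, the same filter as the SIEM query."""
    return [e for e in events if e.get("event_type") in ("crash", "restart")]


def correlate(events, lookback=timedelta(seconds=60), **burst_kw):
    """Pair each crash/restart with sources that burst GETs in the preceding lookback."""
    alerts = []
    for c in crash_or_restart(events):
        prior = [e for e in events if c["ts"] - lookback <= e["ts"] <= c["ts"]]
        alerts.append({"ts": c["ts"], "event_type": c["event_type"],
                       "bursts": get_bursts(prior, **burst_kw)})
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_log(SAMPLE_LOG)):
        print(alert["ts"].isoformat(), alert["event_type"], alert["bursts"])
```

Tune `window` and `threshold` to the normal request rate of your deployment; the second source in the sample sends two requests a minute apart and is correctly left out, while a crash with no burst behind it still produces an alert with an empty `bursts` map, which is the case worth looking at for causes other than this CVE.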