CVE-2021-22516

7.5 HIGH

📋 TL;DR

CVE-2021-22516 is a sensitive information disclosure vulnerability in Micro Focus Secure API Manager (SAPIM) version 2.0.0: the product may write sensitive data such as credentials or API keys into its log files. Any organization running the vulnerable SAPIM release is affected. An attacker who can read those logs (through a compromised host, an over-permissive share, or log collection pipelines) can harvest the secrets and reuse them against the APIs SAPIM protects.

💻 Affected Systems

Products:
  • Micro Focus Secure API Manager (SAPIM)
Versions: 2.0.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 2.0.0 is affected; the issue is fixed in 2.0.1 and later. Patching stops new secrets from being written but does not remove those already present in existing log files.

📦 What is this software?

Micro Focus Secure API Manager (SAPIM) is an API gateway and API management product used to publish, secure, and monitor REST APIs, built to work with NetIQ Access Manager for authentication and authorization. Because it sits in front of backend APIs and handles client credentials and tokens, anything it logs verbosely is high-value to an attacker.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full compromise of API credentials leading to unauthorized access to all managed APIs, data exfiltration, and lateral movement within the organization's API ecosystem.

🟠 Likely Case

Exposure of API keys, authentication tokens, or configuration secrets that could be used to access specific APIs or services.

🟢 If Mitigated

Limited exposure of non-critical information if proper log access controls and monitoring are in place.

🌐 Internet-Facing: HIGH - Log files are not normally served to clients, but if they are exposed through a web interface, a shared volume, or a misconfigured log shipper, external attackers could retrieve the secrets they contain.
🏢 Internal Only: MEDIUM - Internal users, compromised accounts, or anyone with read access to centralized log storage could access logs containing sensitive information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires read access to the log files (locally, via a share, or via the SIEM that ingests them), which normally implies some existing system access or a misconfiguration; no interaction with SAPIM itself is needed once the logs are readable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.1 and later

Vendor Advisory: https://www.microfocus.com/documentation/secure-api-manager/2-0/release-notes-secure-api-manager-201/release-notes-secure-api-manager-201.html

Restart Required: Yes

Instructions:

1. Download SAPIM version 2.0.1 or later from the Micro Focus support portal.
2. Back up the current configuration and data.
3. Stop the SAPIM services.
4. Install the updated version.
5. Restore the configuration if needed.
6. Restart the services.
7. Review the logs written while 2.0.0 was running, purge or restrict any that contain credentials, and rotate every API key, token, or password found in them; the patch does not scrub existing files.

🔧 Temporary Workarounds

Restrict log file access

linux

Set strict permissions on the log directory so that only the SAPIM service account and its group can read the logs. The path and the account name (sapim) are assumptions; substitute your installation's values. The files must remain owned by the service account, otherwise the service can no longer write its own logs.

chown -R sapim:sapim /var/log/sapim
chmod 750 /var/log/sapim
chmod 640 /var/log/sapim/*
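The following script audits a log directory for files readable by users outside the owning group and then applies the tightening above. It is an added example for this page, not Micro Focus tooling; the directory path and the sapim service account are assumptions, so pass your installation's values.

```shell
#!/bin/sh
# Audit and harden permissions on a SAPIM log directory.
# Added example for this advisory; the service account name (sapim)
# and the log path are assumptions, not documented SAPIM defaults.

# audit_log_perms DIR
# Prints every file or directory under DIR that is readable by "other".
# Returns 0 when nothing is exposed, 1 otherwise.
audit_log_perms() {
    dir="$1"
    exposed=$(find "$dir" -perm -o=r 2>/dev/null)
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed"
        return 1
    fi
    return 0
}

# harden_log_perms DIR [OWNER] [GROUP]
# Directory 750, files 640, owned by the service account so it can still
# write its logs. OWNER and GROUP default to sapim (assumption).
harden_log_perms() {
    dir="$1"
    owner="${2:-sapim}"
    group="${3:-$owner}"
    # chown needs root unless the caller already owns the files.
    chown -R "$owner:$group" "$dir" || return 1
    find "$dir" -type d -exec chmod 750 {} + || return 1
    find "$dir" -type f -exec chmod 640 {} + || return 1
}

# Typical use (as root): first see what is exposed, then fix it.
# audit_log_perms /var/log/sapim
# harden_log_perms /var/log/sapim sapim sapim
```

Run the audit again after log rotation: rotation tools create new files with their own default mode, so the rotate configuration should also specify the 640 mode and the service owner, or the fix silently erodes over time.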

Disable sensitive logging

all

Configure SAPIM to exclude sensitive parameters from logging. The exact setting is installation-specific; at minimum, run production at INFO verbosity or lower, because request and header dumps at DEBUG/TRACE level are where credentials most often land, and mask credential-bearing fields wherever the logging configuration allows it.

🧯 If You Can't Patch

  • Implement strict access controls on log directories and files, including wherever the logs are shipped (SIEM, backups, shared storage)
  • Deploy log monitoring to detect unauthorized access attempts
  • Regularly scan existing logs for credentials, purge or archive the affected files, and rotate any secret found in them

🔍 How to Verify

Check if Vulnerable:

Check SAPIM version via admin console or configuration files. Version 2.0.0 is vulnerable.

Check Version:

Check the version in SAPIM admin interface or review installation documentation

Verify Fix Applied:

Verify that the installed version is 2.0.1 or later, then exercise a few authenticated API calls and confirm that the credentials used (API key, bearer token, client secret) do not appear in the newly written log files. Searching the logs for the literal values of the credentials you just used is the most reliable check.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to log files
  • Log entries containing API keys, passwords, or tokens

Network Indicators:

  • Unusual API access patterns from unexpected sources

SIEM Query:

source="sapim_logs" AND ("password=" OR "client_secret=" OR "api_key=" OR "Authorization: Bearer")

This Splunk-style query is a starting point only: matching on field assignments rather than bare words like "token" keeps the noise down, and the field names should be adjusted to whatever your SAPIM deployment actually emits.
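For both the "Verify Fix Applied" check and the log-indicator hunting above, a small offline scanner is more reliable than eyeballing files. The script below is an added example for this page, not Micro Focus code; it assumes nothing about SAPIM's real log format, and the sample log lines and secret values in it are constructed for illustration. It reports the kind of secret and the line number rather than echoing the secret itself, and can additionally search for the literal values of credentials you know were used.

```python
"""Scan log lines for credentials that should never have been logged.

Added example for this advisory; not Micro Focus code. The log format,
field names and sample lines are assumptions constructed for illustration.
"""
import re
import sys
from typing import Iterable

# Each entry: (kind, compiled regex). Group 1 captures the secret value.
SECRET_PATTERNS = [
    ("authorization_header",
     re.compile(r"Authorization:\s*(?:Bearer|Basic)\s+([A-Za-z0-9._~+/=-]{8,})", re.I)),
    ("api_key_param",
     re.compile(r"\b(?:x-)?api[_-]?key\s*[=:]\s*\"?([A-Za-z0-9._-]{8,})", re.I)),
    ("password_param",
     re.compile(r"\b(?:password|passwd|pwd|client_secret)\s*[=:]\s*\"?([^\s\"&,]{4,})", re.I)),
    ("token_param",
     re.compile(r"\b(?:access|refresh|id)_token\s*[=:]\s*\"?([A-Za-z0-9._-]{16,})", re.I)),
]

# Constructed sample log (not real SAPIM output, not real secrets).
SAMPLE_LOG = [
    "2021-09-01 10:00:01 INFO  gateway - GET /api/v1/orders 200 12ms",
    "2021-09-01 10:00:02 DEBUG gateway - request headers: Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.c2FtcGxl.c2ln",
    "2021-09-01 10:00:03 DEBUG client - POST /oauth/token client_id=orders-app client_secret=s3cr3t-value-123",
    "2021-09-01 10:00:04 INFO  admin - query string: api_key=AKIAEXAMPLE1234567890",
    "2021-09-01 10:00:05 INFO  gateway - GET /api/v1/health 200 1ms",
]


def find_secrets(line: str) -> list:
    """Return [(kind, value), ...] for every secret-bearing field in one line."""
    hits = []
    for kind, rx in SECRET_PATTERNS:
        for m in rx.finditer(line):
            hits.append((kind, m.group(1)))
    return hits


def redact(line: str) -> str:
    """Replace every captured secret value with a placeholder, keeping the rest."""
    for _, rx in SECRET_PATTERNS:
        line = rx.sub(lambda m: m.group(0).replace(m.group(1), "[REDACTED]"), line)
    return line


def scan_log(lines: Iterable[str], known_secrets: Iterable[str] = ()) -> list:
    """Scan lines; also flag literal occurrences of credentials you know were used.

    Returns a list of {"line_no", "kind", "value"} dicts, 1-based line numbers.
    """
    findings = []
    known = [s for s in known_secrets if s]
    for n, line in enumerate(lines, 1):
        for kind, value in find_secrets(line):
            findings.append({"line_no": n, "kind": kind, "value": value})
        for secret in known:
            if secret in line:
                findings.append({"line_no": n, "kind": "known_secret", "value": secret})
    return findings


if __name__ == "__main__":
    # Usage: python scan_logs.py [logfile ...]; with no arguments, scan the sample.
    paths = sys.argv[1:]
    results = []
    if not paths:
        results = [dict(f, file="<sample>") for f in scan_log(SAMPLE_LOG)]
    for path in paths:
        with open(path, errors="replace") as fh:
            results.extend(dict(f, file=path) for f in scan_log(fh))
    # Report where and what kind, never the secret itself, so the report
    # does not become a second copy of the leak.
    for f in results:
        print(f"{f['file']}:{f['line_no']} {f['kind']}")
```

Feed it the files from the period 2.0.0 was in service (including rotated and archived copies); every distinct value it reports is a credential to rotate, not just a line to delete.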

🔗 References
