CVE-2021-38921

7.5 HIGH

📋 TL;DR

IBM Security Verify versions 10.0.0 through 10.0.2.0 use weak cryptographic algorithms, allowing attackers to decrypt sensitive information stored or transmitted by the system. This affects organizations using these specific versions of IBM's identity and access management solution.

💻 Affected Systems

Products:
  • IBM Security Verify
Versions: 10.0.0, 10.0.1.0, 10.0.2.0
Operating Systems: Not OS-specific
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers decrypt highly sensitive authentication data, user credentials, or configuration secrets, leading to complete system compromise and identity theft.

🟠 Likely Case: Attackers decrypt moderately sensitive information such as session tokens or configuration details, enabling privilege escalation or lateral movement.

🟢 If Mitigated: With proper network segmentation and monitoring, impact is limited to isolated systems with minimal data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires cryptographic analysis capabilities but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.2.1 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/6538418

Restart Required: Yes

Instructions:

1. Download IBM Security Verify version 10.0.2.1 or later from IBM Fix Central.
2. Back up the current configuration.
3. Apply the update following IBM's installation guide.
4. Restart all IBM Security Verify services.

🔧 Temporary Workarounds

Network Isolation (all)

Restrict network access to IBM Security Verify to trusted sources only.

Encryption Layer (all)

Implement an additional encryption layer for sensitive data using strong algorithms.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate IBM Security Verify from untrusted networks.
  • Monitor for unusual cryptographic operations or data access patterns in logs.

🔍 How to Verify

Check if Vulnerable:

Check the IBM Security Verify version in the administration console or via the 'version' command in the installation directory; versions 10.0.0 through 10.0.2.0 are affected.

Check Version:

Check the administration console or run the version utility in the installation path.

Verify Fix Applied:

Verify that the version is 10.0.2.1 or later, and consult the IBM advisory for any additional fix verification steps.

📡 Detection & Monitoring

Log Indicators:

  • Unusual cryptographic operations
  • Failed decryption attempts
  • Unexpected data access patterns

Network Indicators:

  • Unusual traffic to/from IBM Security Verify ports
  • Suspicious cryptographic protocol usage

SIEM Query:

source="ibm_security_verify" AND (event_type="crypto_error" OR data_access="sensitive")
