CVE-2021-38957

7.5 HIGH

📋 TL;DR

IBM Security Verify versions 10.0.0 through 10.0.2.0 contain an input validation vulnerability during QR code generation that could allow attackers to disclose sensitive information. This affects organizations using these vulnerable versions of IBM's identity and access management solution.

💻 Affected Systems

Products:
  • IBM Security Verify
Versions: 10.0.0, 10.0.1.0, 10.0.2.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects QR code generation functionality specifically

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could extract sensitive authentication data, session tokens, or configuration information leading to account compromise or system takeover.

🟠 Likely Case

Information disclosure of internal system details or user data that could facilitate further attacks.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The flaw is an input validation weakness in QR code generation, which suggests that exploitation is relatively straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.2.1 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/6538418

Restart Required: Yes

Instructions:

1. Download IBM Security Verify version 10.0.2.1 or later from IBM Fix Central.
2. Follow IBM's upgrade documentation for your deployment type.
3. Apply the update and restart all affected services.

🔧 Temporary Workarounds

Disable QR Code Generation (applies to: all)

Temporarily disable QR code generation functionality if it is not essential.

Network Access Restrictions (applies to: all)

Restrict access to QR code generation endpoints to trusted networks only.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for QR code generation inputs
  • Deploy web application firewall with input validation rules for QR code endpoints

🔍 How to Verify

Check if Vulnerable:

Check IBM Security Verify version via admin console or configuration files

Check Version:

Check admin console or refer to IBM documentation for version verification

Verify Fix Applied:

Verify that the installed version is 10.0.2.1 or later, then test QR code generation with malformed inputs to confirm that they are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual QR code generation requests
  • Multiple failed QR code generation attempts
  • Requests with unusual parameters to QR endpoints

Network Indicators:

  • Unusual traffic patterns to QR code generation endpoints
  • Requests with encoded payloads to QR functionality

SIEM Query:

source="ibm_security_verify" AND (uri="*/qr*" OR uri="*/qrcode*") AND (status=500 OR response_size>threshold)
