logo
DATABASE RESOURCES PRICING ABOUT US

Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access

Description

## Summary Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access product. ## Vulnerability Details ** CVEID: **[CVE-2021-3520](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3520>) ** DESCRIPTION: **lz4 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted file, an attacker could invoke memmove() on a negative size argument leading to memory corruption and trigger an out-of-bounds write or cause the library to crash. CVSS Base score: 8.6 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202592>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) ** CVEID: **[CVE-2021-38957](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38957>) ** DESCRIPTION: **IBM Security Verify could disclose sensitive information due to hazardous input validation during QR code generation. CVSS Base score: 3.1 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212040](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212040>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) ** CVEID: **[CVE-2020-13434](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434>) ** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by an integer overflow in the sqlite3_str_vappendf function. By sending a specially-crafted request, a remote attacker could overflow a buffer and cause a denial of service. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182405](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182405>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2020-15358](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15358>) ** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a heap-based buffer overflow in the mishandling of query-flattener optimization in select.c. By sending a specially-crafted query, a local authenticated attacker could overflow a buffer and cause the application to crash. CVSS Base score: 5.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184103>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2019-13012](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012>) ** DESCRIPTION: **GNOME GLib could allow a local attacker to bypass security restrictions, caused by improper permission control in the keyfile settings backend. An attacker could exploit this vulnerability to bypass access restrictions. CVSS Base score: 3.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166666](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166666>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) ** CVEID: **[CVE-2021-27218](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27218>) ** DESCRIPTION: **GNOME GLib is vulnerable to a denial of service, caused by an error when invoking g_byte_array_new_take() with a buffer of 4GB or more on a 64-bit platform. An attacker could exploit this vulnerability to cause unintended length truncation. CVSS Base score: 6.2 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196784>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-27219](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27219>) ** DESCRIPTION: **GNOME GLib could allow a remote attacker to cause a denial of service, caused by an integer overflow in the g_bytes_new function. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196782](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196782>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2020-8927](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927>) ** DESCRIPTION: **Brotli is vulnerable to buffer overflow. By controlling the input length of a "one-shot" decompression request to a script, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188304>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) ** CVEID: **[CVE-2020-24977](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977>) ** DESCRIPTION: **GNOME libxml2 is vulnerable to a buffer overflow, caused by improper bounds checking by the xmlEncodeEntitiesInternal function in libxml2/entities.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base score: 7.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187847>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2021-3516](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516>) ** DESCRIPTION: **libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in xmlEncodeEntitiesInternal() in entities.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 7.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202838](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202838>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2021-3517](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517>) ** DESCRIPTION: **GNOME libxml2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by xmlEncodeEntitiesInternal() in entities.c. By sending a specially crafted file, a remote attacker could trigger an out-of-bounds read and execute arbitrary code on the system or cause a denial of service. CVSS Base score: 8.6 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202526>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) ** CVEID: **[CVE-2021-3518](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518>) ** DESCRIPTION: **GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the xmlXIncludeDoProcess() function in xinclude.c. By sending a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 8.6 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203144](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203144>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) ** CVEID: **[CVE-2021-3537](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537>) ** DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when parsing XML mixed content in recovery mode and post-validated. A remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203084](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203084>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-3541](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541>) ** DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by an exponential entity expansion attack which bypasses all existing protection mechanisms. A remote authenticated attacker could exploit this vulnerability to consume all available resources. CVSS Base score: 6.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204818](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204818>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-38894](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38894>) ** DESCRIPTION: **IBM Security Verify could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. CVSS Base score: 2.7 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209515](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209515>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) ** CVEID: **[CVE-2021-38921](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38921>) ** DESCRIPTION: **IBM Security Access Manager Appliance uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base score: 5.9 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/210067](<https://exchange.xforce.ibmcloud.com/vulnerabilities/210067>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) ** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) ** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-3450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>) ** DESCRIPTION: **OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose. CVSS Base score: 7.4 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198754>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) ** CVEID: **[CVE-2021-38956](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38956>) ** DESCRIPTION: **IBM Security Verify could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212038](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212038>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) ** CVEID: **[CVE-2016-10228](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228>) ** DESCRIPTION: **GNU C Library (glibc) is vulnerable to a denial of service, caused by an error in the iconv program. By processing invalid multi-byte input sequences, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124078](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124078>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2019-9169](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169>) ** DESCRIPTION: **GNU glibc is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the proceed_next_node function in posix/regexec.c. By sending a specially-crafted argument using a case-insensitive regular-expression match, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base score: 7.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157800](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157800>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) ** CVEID: **[CVE-2019-25013](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013>) ** DESCRIPTION: **GNU glibc is vulnerable to a denial of service, caused by a buffer over-read in iconv feature. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a SIGSEGV. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194579](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194579>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2020-27618](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27618>) ** DESCRIPTION: **GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by an error when processing some invalid inputs from several IBM character sets in the iconv function. By sending invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings, a local authenticated attacker could exploit this vulnerability to cause the application to enter into an infinite loop. CVSS Base score: 5.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196446](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196446>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-3326](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3326>) ** DESCRIPTION: **GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by an assertion failure when processing invalid input sequences in the ISO-2022-JP-3 encoding in the iconv function. By sending specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195732](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195732>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-20305](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305>) ** DESCRIPTION: **Nettle could allow a remote attacker to bypass security restrictions, caused by a flaw related to several signature verification functions result in the Elliptic Curve Cryptography point (ECC) multiply function being invoked with out-of-range scalers. An attacker could exploit this vulnerability to force an invalid signature, causing an assertion failure or possible validation. CVSS Base score: 8.1 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199653>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2021-38895](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38895>) ** DESCRIPTION: **IBM Security Verify is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. CVSS Base score: 3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209563>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N) ** CVEID: **[CVE-2021-32027](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32027>) ** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow while modifying certain SQL array values. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202823>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2021-32028](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32028>) ** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerability when using an INSERT … ON CONFLICT … DO UPDATE command on a purpose-crafted table. By creating prerequisite objects, an attacker could exploit this vulnerability to read arbitrary bytes of server memory. CVSS Base score: 6.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203616](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203616>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) ** CVEID: **[CVE-2021-32029](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32029>) ** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by an error when using an UPDATE…RETURNING command on a purpose-crafted table. An attacker could exploit this vulnerability to read arbitrary bytes of server memory. CVSS Base score: 6.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207909](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207909>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) ** CVEID: **[CVE-2021-3393](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3393>) ** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the error messages. By sending a specially-crafted query, an attacker could exploit this vulnerability to obtain sensitive information from a column they have UPDATE permission but not SELECT permission to, and use this information to launch further attacks against the affected system. CVSS Base score: 3.1 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199296](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199296>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- IBM Security Verify Access| 10.0.0 ## Remediation/Fixes **For the ISAM/ISVA appliances** Affected Products and Versions| Fix availability ---|--- IBM Security Verify Access 10.0.0.0 | [10.0.3-ISS-ISVA-FP0000](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Verify+Access&release=10.0.0.0&platform=Linux&function=fixId&fixids=10.0.3-ISS-ISVA-FP0000&includeRequisites=1&includeSupersedes=0&downloadMethod=http> "10.0.3-ISS-ISVA-FP0000" ) **IBM Security Verify Access** (Container) For Version 10.0.0.0 * Obtain the latest version of the container by running the following command “docker pull ibmcom/verify-access:[tag]” Where [tag] is the latest published version and can be confirmed [here](<https://hub.docker.com/r/ibmcom/verify-access/tags> "here" ) ## Workarounds and Mitigations None ## Get Notified about Future Security Bulletins Subscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this. ### References [Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> "Link resides outside of ibm.com" ) [On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> "Link resides outside of ibm.com" ) Off ## Related Information [IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) [IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>) ## Acknowledgement John Zuccato, Rodney Ryan, Chris Shepherd, Vincent Dragnea, Troy Fisher, Nathan Roane, Gabor Minyo, Geoffrey Owden and Ben Goodspeed from IBM X-Force Ethical Hacking Team ## Change History 14 Sep 2021: Initial Publication *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. ## Disclaimer Review the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/bulletin/#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment. ## Document Location Worldwide [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRGTL","label":"IBM Security Verify Access"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0.0, 10.0.1.0, 10.0.2.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]


Affected Software


CPE Name Name Version
ibm security verify access 10.0.0
ibm security verify access 10.0.1.0
ibm security verify access 10.0.2.0

Related