CVSS3: 4.3 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | LOW |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS2: 4 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.001 Low (Percentile 31.5%)
IBM Security Verify Governance is vulnerable to sensitive information exposure and denial of service due to vulnerabilities in Vaadin JAR. The fix involves upgrading the Vaadin JAR to the patched version.
CVEID: CVE-2021-31403
**DESCRIPTION:** Vaadin could allow a local attacker to obtain sensitive information, caused by a non-constant-time comparison of CSRF tokens in the UIDL request handler in com.vaadin:vaadin-server. By using a timing attack, an attacker could exploit this vulnerability to guess a security token for Fusion endpoints and then use this information to launch further attacks against the affected system.
CVSS Base score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/200632 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2021-33609
**DESCRIPTION:** Vaadin is vulnerable to a denial of service, caused by a missing check in the DataCommunicator class in com.vaadin:vaadin-server. By requesting too many rows of data, a remote authenticated attacker could exploit this vulnerability to cause heap exhaustion.
CVSS Base score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/211386 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
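The two CVEs above are instances of two general weakness classes: a token comparison whose running time depends on how many leading bytes match, and a data-fetch path that trusts a client-supplied row count. The Java below is an added illustration of the defensive pattern for each; it is hypothetical code written for this page, not Vaadin's or IBM's, and the class name, method names and the `MAX_ROWS_PER_REQUEST` limit are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;

// Hypothetical class illustrating the two weakness classes in the bulletin.
// Not Vaadin's own code; names and limits are assumptions.
public final class HardeningExamples {

    // Weak pattern: String.equals stops at the first differing character, so the
    // time taken to reject a guess depends on how many leading bytes are correct.
    static boolean tokenMatchesNonConstantTime(String expected, String presented) {
        return expected.equals(presented);
    }

    // Hardened pattern: MessageDigest.isEqual examines every byte of equal-length
    // inputs before answering, so the comparison time no longer depends on the
    // position of the first mismatch. Only the length is still observable.
    static boolean tokenMatchesConstantTime(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        byte[] a = expected.getBytes(StandardCharsets.UTF_8);
        byte[] b = presented.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(a, b);
    }

    // Server-side cap on rows returned per request (assumed value; tune per app).
    // Without such a cap, one request can ask for enough rows to exhaust the heap.
    static final int MAX_ROWS_PER_REQUEST = 500;

    // Reject nonsensical input and clamp oversized requests to the cap.
    static int clampRequestedRows(int requested) {
        if (requested < 0) {
            throw new IllegalArgumentException("negative row count");
        }
        return Math.min(requested, MAX_ROWS_PER_REQUEST);
    }

    // Data-fetch endpoint that allocates only up to the clamped row count.
    static List<String> fetchRows(int offset, int requested) {
        int limit = clampRequestedRows(requested);
        List<String> rows = new ArrayList<>(limit);
        for (int i = 0; i < limit; i++) {
            rows.add("row-" + (offset + i)); // constructed sample data
        }
        return rows;
    }

    public static void main(String[] args) {
        String token = "c0ffee1234567890"; // constructed sample token
        System.out.println(tokenMatchesConstantTime(token, "c0ffee1234567890")); // true
        System.out.println(tokenMatchesConstantTime(token, "c0ffee1234567891")); // false
        System.out.println(tokenMatchesConstantTime(token, "c0ffee"));           // false
        // A request for Integer.MAX_VALUE rows is served as at most the cap.
        System.out.println(fetchRows(0, Integer.MAX_VALUE).size());              // 500
    }
}
```

`MessageDigest.isEqual` is the standard-library choice for this in Java; it still returns early when the two arrays differ in length, which reveals the token length but not its contents, so tokens should be of fixed length. The row-count clamp is applied before any allocation so that the request size, not the client's number, bounds memory use.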
Affected Product(s) | Version(s) |
---|---|
IBM Security Verify Governance | 10.0 |
IBM encourages customers to upgrade their systems promptly.
Affected Product(s) | Version(s) | First Fix |
---|---|---|
IBM Security Verify Governance | 10.0.1 | None |
CPE | Name | Operator | Version |
---|---|---|---|
 | ibm security verify governance | eq | 10.0 |