CVE-2021-38957: Input Validation
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040.
Other sources
IBM Security Verify could disclose sensitive information due to hazardous input validation during QR code generation.
— IBM
Remediation
Patch Available
Frequently Asked Questions
What is the severity of CVE-2021-38957?
The severity of CVE-2021-38957 is high.
How does CVE-2021-38957 affect IBM Security Verify Access?
CVE-2021-38957 affects IBM Security Verify Access versions 10.0.0, 10.0.1.0, and 10.0.2.0.
What is the risk of disclosing sensitive information due to hazardous input validation during QR code generation in IBM Security Verify?
The risk of sensitive information disclosure from this flaw is high.
How can I fix the vulnerability in IBM Security Verify?
To fix the vulnerability in IBM Security Verify, upgrade to a version that is not affected, as recommended by IBM.
Where can I find more information about CVE-2021-38957?
You can find more information about CVE-2021-38957 on the IBM X-Force Exchange website and the IBM Support page.