CVE-2021-20403: CSRF
First published: Thu Feb 04 2021(Updated: )
IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Verify Information Queue | =1.0.6 | |
| IBM Security Verify Information Queue | =1.0.7 | |
| <=1.0.6, 1.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-20403.
What is the severity of CVE-2021-20403?
The severity of CVE-2021-20403 is high with a severity value of 8.8.
What is the affected software?
The affected software is IBM Security Verify Information Queue versions 1.0.6 and 1.0.7.
What is the risk of the vulnerability?
The vulnerability allows for cross-site request forgery, enabling an attacker to execute malicious and unauthorized actions transmitted from a trusted user.
How can I fix CVE-2021-20403?
IBM has provided a fix for the vulnerability. Please refer to the IBM Security Verify Information Queue support pages for more information.
- collector/nvd-index
- agent/type
- agent/references
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm security verify information queue
- version/ibm security verify information queue/1.0.6
- version/ibm security verify information queue/1.0.7
- version/ibm security verify information queue/1.0.6, 1.0.7