What is IBM Security Access Manager Docker vulnerability (CVE-2021-20511)?

IBM Security Access Manager Docker vulnerability (CVE-2021-20511) allows a remote attacker to traverse directories on the system and view arbitrary files by sending a specially-crafted URL request containing dot dot sequences (/../).

What is the severity of IBM Security Access Manager Docker vulnerability (CVE-2021-20511)?

The severity of IBM Security Access Manager Docker vulnerability (CVE-2021-20511) is medium with a severity value of 5.2.

How does IBM Security Access Manager Docker vulnerability (CVE-2021-20511) affect IBM Security Verify Access Docker?

IBM Security Access Manager Docker vulnerability (CVE-2021-20511) affects IBM Security Verify Access Docker 10.0.0 by allowing a remote attacker to traverse directories on the system.

How can an attacker exploit IBM Security Access Manager Docker vulnerability (CVE-2021-20511)?

An attacker can exploit IBM Security Access Manager Docker vulnerability (CVE-2021-20511) by sending a specially-crafted URL request with dot dot sequences (/../) to view arbitrary files on the system.

Is Docker itself vulnerable to IBM Security Access Manager Docker vulnerability (CVE-2021-20511)?

No, Docker itself is not vulnerable to IBM Security Access Manager Docker vulnerability (CVE-2021-20511).

Vulnerability/
CVE-2021-20511

medium

5.2

CWE

17/5/2021

29/9/2021

CVE-2021-20511

First published: Mon May 17 2021(Updated: )

IBM Security Access Manager Docker could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Security Verify Access Docker	<=10.0.0
IBM Security Verify Access	=10.0.0
Docker Docker

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6471895

Frequently Asked Questions

What is IBM Security Access Manager Docker vulnerability (CVE-2021-20511)?
IBM Security Access Manager Docker vulnerability (CVE-2021-20511) allows a remote attacker to traverse directories on the system and view arbitrary files by sending a specially-crafted URL request containing dot dot sequences (/../).
What is the severity of IBM Security Access Manager Docker vulnerability (CVE-2021-20511)?
The severity of IBM Security Access Manager Docker vulnerability (CVE-2021-20511) is medium with a severity value of 5.2.
How does IBM Security Access Manager Docker vulnerability (CVE-2021-20511) affect IBM Security Verify Access Docker?
IBM Security Access Manager Docker vulnerability (CVE-2021-20511) affects IBM Security Verify Access Docker 10.0.0 by allowing a remote attacker to traverse directories on the system.
How can an attacker exploit IBM Security Access Manager Docker vulnerability (CVE-2021-20511)?
An attacker can exploit IBM Security Access Manager Docker vulnerability (CVE-2021-20511) by sending a specially-crafted URL request with dot dot sequences (/../) to view arbitrary files on the system.
Is Docker itself vulnerable to IBM Security Access Manager Docker vulnerability (CVE-2021-20511)?
No, Docker itself is not vulnerable to IBM Security Access Manager Docker vulnerability (CVE-2021-20511).

collector/ibm-support
collector/nvd-index
vendor/ibm
product/security verify access docker
canonical/ibm security verify access docker
product/security verify access
canonical/ibm security verify access
vendor/docker
product/docker
canonical/docker docker

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.