CVE-2021-38915
First published: Wed Oct 06 2021(Updated: )
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Data Risk Manager | =2.0.6 | |
| IBM DRM | <=2.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-38915.
What is the title of the vulnerability?
The title of the vulnerability is 'IBM Cloud Pak - Risk Manager stores user credentials in plain clear text which can be read by an authenticated user.'
What is the severity of CVE-2021-38915?
The severity of CVE-2021-38915 is medium with a severity value of 6.5.
How can an authenticated user read the plain clear text user credentials in IBM Data Risk Manager 2.0.6?
As an authenticated user, one can read the plain clear text user credentials in IBM Data Risk Manager 2.0.6.
How can I fix CVE-2021-38915?
To fix CVE-2021-38915, apply the patch provided by IBM for IBM Data Risk Manager 2.0.6.
- collector/nvd-index
- collector/ibm-support
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- vendor/ibm
- canonical/ibm data risk manager
- version/ibm data risk manager/2.0.6
- canonical/ibm drm
- version/ibm drm/2.0.6