CVE-2021-20439

HIGH

IBM Security Access Manager <9.0 - Info Disclosure

Title source: llm

Description

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.

References (2)

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/196453

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6471903

Scores

CVSS v3 7.5

EPSS 0.0021

EPSS Percentile 42.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

ibm/security_access_manager

ibm/security_verify_access

Timeline

Published Jul 15, 2021

Tracked Since Feb 18, 2026