6.2
CVE-2021-38938
- EPSS 0.02%
- Veröffentlicht 15.03.2024 16:15:07
- Zuletzt bearbeitet 21.11.2024 06:18:15
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM Host Access Transformation Services information disclosure
IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 210989.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Host Access Transformation Services Version >= 9.6 <= 9.6.1.4
Ibm ≫ Host Access Transformation Services Version >= 9.7 <= 9.7.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.054 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 6.2 | 2.5 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.