Vulnerability-Lookup

CNVD-2024-14664

Vulnerability from cnvd - Published: 2024-03-26

Title

IBM Host Access Transformation Services凭证保护不足漏洞

Description

IBM Host Access Transformation Services是美国国际商业机器（IBM）公司的一种软件解决方案。 IBM Host Access Transformation Services存在凭证保护不足漏洞，该漏洞源于以纯明文的形式存储用户凭证，攻击者可利用该漏洞读取这些凭证。

Severity

中

Patch Name

IBM Host Access Transformation Services凭证保护不足漏洞的补丁

Patch Description

IBM Host Access Transformation Services是美国国际商业机器（IBM）公司的一种软件解决方案。 IBM Host Access Transformation Services存在凭证保护不足漏洞，该漏洞源于以纯明文的形式存储用户凭证，攻击者可利用该漏洞读取这些凭证。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/6832964

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/210989

Impacted products

Name
['IBM Host Access Transformation Services >=9.6，<=9.6.1.4', 'IBM Host Access Transformation Services >=9.7，<=9.7.0.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-38938"
    }
  },
  "description": "IBM Host Access Transformation Services\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u79cd\u8f6f\u4ef6\u89e3\u51b3\u65b9\u6848\u3002\n\nIBM Host Access Transformation Services\u5b58\u5728\u51ed\u8bc1\u4fdd\u62a4\u4e0d\u8db3\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ee5\u7eaf\u660e\u6587\u7684\u5f62\u5f0f\u5b58\u50a8\u7528\u6237\u51ed\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u8fd9\u4e9b\u51ed\u8bc1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/6832964",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-14664",
  "openTime": "2024-03-26",
  "patchDescription": "IBM Host Access Transformation Services\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u79cd\u8f6f\u4ef6\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nIBM Host Access Transformation Services\u5b58\u5728\u51ed\u8bc1\u4fdd\u62a4\u4e0d\u8db3\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ee5\u7eaf\u660e\u6587\u7684\u5f62\u5f0f\u5b58\u50a8\u7528\u6237\u51ed\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u8fd9\u4e9b\u51ed\u8bc1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Host Access Transformation Services\u51ed\u8bc1\u4fdd\u62a4\u4e0d\u8db3\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Host Access Transformation Services \u003e=9.6\uff0c\u003c=9.6.1.4",
      "IBM Host Access Transformation Services \u003e=9.7\uff0c\u003c=9.7.0.3"
    ]
  },
  "referenceLink": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210989",
  "serverity": "\u4e2d",
  "submitTime": "2024-03-19",
  "title": "IBM Host Access Transformation Services\u51ed\u8bc1\u4fdd\u62a4\u4e0d\u8db3\u6f0f\u6d1e"
}

CVE-2021-38938 (GCVE-0-2021-38938)

Vulnerability from cvelistv5 – Published: 2024-03-15 15:38 – Updated: 2024-08-04 01:51

Title

IBM Host Access Transformation Services information disclosure

Summary

IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 210989.

Severity

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-522 - Insufficiently Protected Credentials

Assigner

ibm

References

2 references

URL	Tags
https://www.ibm.com/support/pages/node/6832964	vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entry

Impacted products

1 product

Vendor	Product	Version
IBM	Host Access Transformation Services	Affected: 9.6 , ≤ 9.6.1.4 (semver) Affected: 9.7 , ≤ 9.7.0.3 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-38938",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-12T21:19:49.774696Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-12T21:19:56.123Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:51:20.740Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6832964"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210989"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Host Access Transformation Services",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "9.6.1.4",
              "status": "affected",
              "version": "9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.7.0.3",
              "status": "affected",
              "version": "9.7",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user.  IBM X-Force ID:  210989."
            }
          ],
          "value": "IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user.  IBM X-Force ID:  210989."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522 Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-15T15:38:40.853Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/6832964"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210989"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Host Access Transformation Services information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-38938",
    "datePublished": "2024-03-15T15:38:40.853Z",
    "dateReserved": "2021-08-16T18:59:46.180Z",
    "dateUpdated": "2024-08-04T01:51:20.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-14664

CVE-2021-38938 (GCVE-0-2021-38938)

Tags

Sightings

Nomenclature