Medium Severity

Security Bulletin: IBM Security Verify Bridge uses a hard-coded key to encrypt the client secret (CVE-2021-20442)

The obfuscation logic in IBM Security Verify Bridge (ISVB) relies on a hard-coded key to encrypt the client secret string. This means all ISVB users have the same encryption key. As of v1.0.5, ISVB has re-implemented its obfuscation logic so that each user gets assigned a unique key.
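The difference between the two designs described above, as an added example that is not IBM's code: the page does not name the cipher or the key storage, so the HMAC-based sealing routine, `HARD_CODED_KEY`, and every function name here are assumptions, and the secrets are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a key compiled into every copy of a product.
HARD_CODED_KEY = b"constructed-demo-key-shipped-in-every-build"

def _subkeys(key):
    # Separate encryption and MAC keys derived from the one master key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode; a stdlib-only stand-in for a real cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, secret):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, nonce, len(secret))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    # Returns the secret, or None when the key is wrong or the blob was altered.
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def new_install_key():
    # Per-installation key generated locally instead of shipped in the build.
    return secrets.token_bytes(32)

def demo():
    secret_a = b"install-A-client-secret (constructed)"
    # Before: every install seals with the same built-in key.
    shared_key_opens = unseal(HARD_CODED_KEY, seal(HARD_CODED_KEY, secret_a)) == secret_a
    # After: each install has its own key, so another install's key fails.
    key_a, key_b = new_install_key(), new_install_key()
    blob = seal(key_a, secret_a)
    return shared_key_opens, unseal(key_b, blob) is not None, unseal(key_a, blob) == secret_a
```

With a unique key per install, the stored secret is only as well protected as that key, so where the key is kept (file permissions, OS key store) becomes the thing to review.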

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Security Verify Bridge | All

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6421025
