CVE-2021-20499: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Verify Access Docker 10.0.0 contains a vulnerability that could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. The vulnerability was discovered and disclosed in July 2021 (IBM Support).

The vulnerability has been assigned CVE-2021-20499 with a CVSS Base score of 2.7 and vector (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). This indicates that the vulnerability requires high privileges to exploit, has low complexity for exploitation, and can potentially lead to limited confidentiality impact (IBM Support).

The primary impact of this vulnerability is the potential exposure of sensitive information through detailed technical error messages displayed in the browser. This information disclosure could be leveraged by attackers to conduct further attacks against the system (IBM Support).

The vulnerability has been fixed in IBM Security Verify Access Docker version 10.0.2.0. Users are advised to update to the latest version by pulling the updated container from the docker store using the command: docker pull ibmcom/verify-access:10.0.2.0. No workarounds are available for this vulnerability (IBM Support).