CVE-2021-38957
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

Overview

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation (IBM Security Bulletin, CVE Mitre). The vulnerability was discovered and disclosed in January 2022.

Technical details

The vulnerability is related to improper input validation during QR code generation processes. It has been assigned a CVSS Base score of 3.1, with a vector of (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating a network-accessible vulnerability with high attack complexity, requiring user interaction, and potentially resulting in low confidentiality impact (IBM Security Bulletin).

Impact

The vulnerability could lead to the disclosure of sensitive information. The impact is considered relatively low, as indicated by the CVSS scoring, affecting only the confidentiality aspect of the system with no impact on integrity or availability (IBM Security Bulletin).

Mitigation and workarounds

IBM has released fixes for the vulnerability. For ISAM/ISVA appliances version 10.0.0.0, the fix is available in version 10.0.3-ISS-ISVA-FP0000. For container deployments, users should obtain the latest version of the container by running the command 'docker pull ibmcom/verify-access:[tag]' where [tag] is the latest published version (IBM Security Bulletin).

Source: This report was generated using AI

Related IBM Security Verify Access (formerly ISAM) vulnerabilities:

CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date
CVE-2025-36087 | CRITICAL | 9.8 | IBM Security Verify Access (formerly ISAM) | cpe:2.3:a:ibm:security_verify_access | No | No | Oct 13, 2025
CVE-2025-36356 | CRITICAL | 9.3 | IBM Security Verify Access (formerly ISAM) | cpe:2.3:a:ibm:security_verify_access | No | No | Oct 06, 2025
CVE-2025-36355 | HIGH | 8.5 | IBM Security Verify Access (formerly ISAM) | cpe:2.3:a:ibm:security_verify_access | No | No | Oct 06, 2025
CVE-2025-36354 | HIGH | 7.3 | IBM Security Verify Access (formerly ISAM) | cpe:2.3:a:ibm:security_verify_access | No | No | Oct 06, 2025
CVE-2025-0163 | MEDIUM | 5.3 | IBM Security Verify Access (formerly ISAM) | cpe:2.3:a:ibm:security_verify_access | No | Yes | Jun 11, 2025
