Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-4551

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-04 Feb, 2020 | 16:45
Updated At-16 Sep, 2024 | 23:46
Rejected At-
Credits

IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:04 Feb, 2020 | 16:45
Updated At:16 Sep, 2024 | 23:46
Rejected At:
▼CVE Numbering Authority (CNA)

IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953.

Affected Products
Vendor
IBM CorporationIBM
Product
Security Directory Server
Versions
Affected
  • 6.4.0
Problem Types
TypeCWE IDDescription
textN/AObtain Information
Type: text
CWE ID: N/A
Description: Obtain Information
Metrics
VersionBase scoreBase severityVector
3.05.3MEDIUM
CVSS:3.0/C:L/UI:N/PR:N/S:U/AV:N/AC:L/A:N/I:N/E:U/RC:C/RL:O
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/C:L/UI:N/PR:N/S:U/AV:N/AC:L/A:N/I:N/E:U/RC:C/RL:O
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/1288660
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/165953
vdb-entry
x_refsource_XF
Hyperlink: https://www.ibm.com/support/pages/node/1288660
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/165953
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/1288660
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/165953
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/1288660
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/165953
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:04 Feb, 2020 | 17:15
Updated At:04 Feb, 2020 | 22:39

IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary3.05.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>security_directory_server>>Versions from 6.4.0.0(inclusive) to 6.4.0.20(exclusive)
cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-306Primarynvd@nist.gov
CWE ID: CWE-306
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/165953psirt@us.ibm.com
VDB Entry
https://www.ibm.com/support/pages/node/1288660psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/165953
Source: psirt@us.ibm.com
Resource:
VDB Entry
Hyperlink: https://www.ibm.com/support/pages/node/1288660
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

965Records found
CVE-2020-4365
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.23%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4449
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.70%
||
7 Day CHG~0.00%
Published-05 Jun, 2020 | 12:55
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-4708
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.16% / 37.74%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 15:55
Updated-16 Sep, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header. IBM X-Force ID: 187371.

Action-Not Available
Vendor-IBM Corporation
Product-security_trusteer_pinpoint_detectSecurity Trusteer Pinpoint Detect
CVE-2020-4574
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-29 Jul, 2020 | 14:05
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-521
Weak Password Requirements
CVE-2020-4985
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.21% / 43.33%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 16:15
Updated-16 Sep, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analytics_localPlanning Analytics Local
CVE-2020-4327
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.19% / 40.77%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 14:10
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599.

Action-Not Available
Vendor-IBM Corporation
Product-security_secret_serverSecurity Secret Server
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4873
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.62%
||
7 Day CHG~0.00%
Published-19 Jan, 2021 | 15:20
Updated-17 Sep, 2024 | 03:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-4336
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.16% / 37.74%
||
7 Day CHG~0.00%
Published-06 Jan, 2021 | 13:10
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_extreme_scaleWebSphere eXtreme Scale
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4695
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-08 Mar, 2021 | 18:00
Updated-16 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-4625
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.14% / 34.35%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 15:30
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityCloud Pak for Security
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-4907
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.57%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 20:35
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_manager_for_multiplatformFinancial Transaction Manager
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4771
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 35.00%
||
7 Day CHG~0.00%
Published-23 Nov, 2020 | 16:55
Updated-17 Sep, 2024 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixspectrum_protect_operations_centerlinux_kernelwindowsSpectrum Protect Operations Center
CWE ID-CWE-287
Improper Authentication
CVE-2020-4532
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.57%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 17:40
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_process_managerBusiness Process Manager Express
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4562
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.38%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:30
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CVE-2020-4957
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.74%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 16:00
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_governance_and_intelligenceSecurity Identity Governance and Intelligence
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4596
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:10
Updated-17 Sep, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4379
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-27 May, 2020 | 13:15
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4898
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 17:40
Updated-16 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.

Action-Not Available
Vendor-IBM Corporation
Product-emptoris_strategic_supply_managementEmptoris Strategic Supply Management
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4531
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.27%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 17:00
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_process_managerBusiness Process ManagerBusiness Automation Workflow
CWE ID-CWE-252
Unchecked Return Value
CVE-2020-4897
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 48.81%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 17:40
Updated-17 Sep, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988.

Action-Not Available
Vendor-IBM Corporation
Product-emptoris_spend_analysisemptoris_contract_managementEmptoris Contract ManagementEmptoris Spend Analysis
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4342
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.74%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 14:10
Updated-16 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force ID: 178182.

Action-Not Available
Vendor-IBM Corporation
Product-security_secret_serverSecurity Secret Server
CVE-2020-4908
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.74%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 20:35
Updated-17 Sep, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_manager_for_multiplatformFinancial Transaction Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4831
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 16:40
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateway
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4965
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.12%
||
7 Day CHG~0.00%
Published-12 Apr, 2021 | 18:00
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.

Action-Not Available
Vendor-IBM Corporation
Product-rational_engineering_lifecycle_managerengineering_requirements_management_doors_nextengineering_test_managementrational_quality_managerengineering_insightsrational_team_concertengineering_workflow_managementdoors_nextcollaborative_lifecycle_managementremovable_media_managementengineering_lifecycle_managementrhapsody_model_managerRational Quality ManagerRational DOORS Next GenerationRational Rhapsody Model ManagerEngineering Workflow ManagementRational Collaborative Lifecycle ManagementEngineering Lifecycle OptimizationRational Engineering Lifecycle ManagerEngineering Test ManagementRational Team Concert
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4341
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.04% / 12.72%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 14:10
Updated-16 Sep, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181.

Action-Not Available
Vendor-IBM Corporation
Product-security_secret_serverSecurity Secret Server
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4367
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 13:45
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analytics_localPlanning Analytics Local
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2018-1682
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.20%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 15:35
Updated-16 Sep, 2024 | 23:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Watson Studio Local 1.2.3 could disclose sensitive information over the network that an attacked could use in further attacks against the system. IBM X-Force ID: 145238.

Action-Not Available
Vendor-IBM Corporation
Product-watston_studio_localWatson Studio Local
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4868
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.51%
||
7 Day CHG~0.00%
Published-31 Jul, 2023 | 01:37
Updated-11 Oct, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TRIRIGA information disclosure

IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.

Action-Not Available
Vendor-IBM Corporation
Product-tririga_application_platformTRIRIGA Application Platform
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4761
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.57%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 15:10
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 188895.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelihp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4600
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.61%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:10
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184832.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4696
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.73%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 15:30
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityCloud Pak for Security
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2020-4613
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-22 Sep, 2020 | 13:55
Updated-16 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4614
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-22 Sep, 2020 | 13:55
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4349
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-27 May, 2020 | 13:15
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4616
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.71%
||
7 Day CHG~0.00%
Published-22 Sep, 2020 | 13:55
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CVE-2018-1612
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.8||MEDIUM
EPSS-78.37% / 98.99%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 16:00
Updated-16 Sep, 2024 | 23:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4567
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.6||HIGH
EPSS-0.31% / 53.42%
||
7 Day CHG~0.00%
Published-29 Jul, 2020 | 14:05
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 184156.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-4476
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.43%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 16:40
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_file_gatewaySterling File Gateway
CVE-2020-4584
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.19% / 41.44%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 13:50
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574.

Action-Not Available
Vendor-IBM Corporation
Product-i2_ibasei2 iBase
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4400
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.18%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 20:30
Updated-17 Sep, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478.

Action-Not Available
Vendor-IBM Corporation
Product-verify_gatewayVerify Gateway (IVG)
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-4452
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 13:30
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4292
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.28% / 51.37%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 14:00
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 uses a cross-domain policy file that includes domains that should not be trusted which could disclose sensitive information. IBM X-Force ID: 176335.

Action-Not Available
Vendor-IBM Corporation
Product-security_information_queueSecurity Information Queue
CVE-2020-4172
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.16% / 37.74%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 12:40
Updated-16 Sep, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_insightsSecurity Guardium Insights
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4146
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.14% / 34.35%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 15:20
Updated-16 Sep, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129.

Action-Not Available
Vendor-IBM Corporation
Product-security_siteprotector_systemSecurity SiteProtector System
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2008-1287
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.50% / 65.08%
||
7 Day CHG~0.00%
Published-11 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_clearquestn/a
CWE ID-CWE-16
Not Available
CVE-2020-4169
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 33.05%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 12:40
Updated-16 Sep, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_insightsSecurity Guardium Insights
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4244
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.73%
||
7 Day CHG~0.00%
Published-28 May, 2020 | 14:45
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_governance_and_intelligenceSecurity Identity Governance and Intelligence
CVE-2020-4187
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.74%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 14:30
Updated-16 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174805.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CVE-2020-4254
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 16:40
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_big_data_intelligenceSecurity Guardium Big Data Intelligence
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4174
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 12:40
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_insightsSecurity Guardium Insights
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 19
  • 20
  • Next
Details not found