Lucene search

IbmCVELIST:CVE-2020-4604

HistoryJan 13, 2021 - 6:10 p.m.

CVE-2020-4604

2021-01-1318:10:32

ibm

www.cve.org

ibm

security

guardium

credentials

plain text

local user

privileged user

CVSS3

4.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

4.2

Confidence

High

EPSS

Percentile

5.1%

JSON

IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861.

CNA Affected

[
  {
    "product": "Security Guardium Insights",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "2.0.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/184881

www.ibm.com/support/pages/node/6403463

CVSS3

4.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

4.2

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2020-4604