A vulnerability identified in IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager has been addressed in the release 10.8.2
CVEID:CVE-2020-4606
**DESCRIPTION:**IBM Security Secret Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184883 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L)
All versions of IBM Security Verify Privilege Manager prior to 10.8.2
Upgrade to the latest release available here.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security secret server | eq | 10.8.2 |