History: Jan 07, 2021 - 6:21 a.m.

Security Bulletin: A Vulnerability Has Been Identified In IBM Security Verify Privilege Manager (CVE-2020-4606)

2021-01-07 06:21:42
www.ibm.com

EPSS: 0.0004 (Low)
Percentile: 5.2%

Summary

A vulnerability identified in IBM Security Verify Privilege Manager, previously known as IBM Security Privilege Manager, has been addressed in release 10.8.2.

Vulnerability Details

CVEID: CVE-2020-4606
**DESCRIPTION:** IBM Security Secret Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184883 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L)

Affected Products and Versions

All versions of IBM Security Verify Privilege Manager prior to 10.8.2

Remediation/Fixes

Upgrade to the latest release available here.

Workarounds and Mitigations

None

| CPE Name | Operator | Version |
| --- | --- | --- |
| ibm security secret server | eq | 10.8.2 |
