Oct 08, 2020 - 8:12 p.m.

Security Bulletin: Security vulnerabilities have been fixed in IBM Security Access Manager and IBM Security Verify Access (CVE-2020-4661, CVE-2020-4699, CVE-2020-4660)

2020-10-08 20:12:15
www.ibm.com

EPSS: 0.001 (Low), Percentile: 20.0%

Summary

Several security vulnerabilities have been fixed in both the IBM Security Access Manager and IBM Security Verify Access products.

Vulnerability Details

CVEID: CVE-2020-4661
**DESCRIPTION:** IBM Security Access Manager Appliance could allow an attacker to obtain sensitive information using timing side channel attacks, which could aid in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/186142 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2020-4699
**DESCRIPTION:** IBM Security Access Manager Appliance could allow an attacker to obtain sensitive information using timing side channel attacks, which could aid in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/186947 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2020-4660
**DESCRIPTION:** IBM Security Access Manager Appliance could allow an attacker to obtain sensitive information using timing side channel attacks, which could aid in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/186140 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| ISAM | 9.0.7 |
| ISVA | 10.0.0 |

Remediation/Fixes

Fix Central

| Product Name | Fixed in VRMF | Fix availability |
| --- | --- | --- |
| IBM Security Access Manager | 9.0.7.2 fix pack | 9.0.7-ISS-ISAM-FP0002 |
| IBM Security Verify Access | 10.0.0.1 fix pack | 10.0.0-ISS-ISVA-FP0001 |

Docker

Log in to docker.com and then execute the corresponding command for the release:

ISAM 9.0.7.2 - docker pull ibmcom/isam:9.0.7.2

ISVA 10.0.0.1 - docker pull ibmcom/verify-access:10.0.0.1

AWS Marketplace

| Product | First Fix availability |
| --- | --- |
| ISAM | IBM Security Access Manager v9 |
| ISVA | IBM Security Verify Access v10 |

Workarounds and Mitigations

None
