Lucene search
IBMF04DC94A46EEBA1CB33184BFD48E709613EA531A551F808450C79C8C35944153HistoryFeb 08, 2021 - 8:36 p.m.
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4795)
2021-02-0820:36:55
www.ibm.com
12
ibm
security
identity governance
vulnerability
access manager
sensitive information
remediation
igi
EPSS
0.001
Percentile
24.2%
Summary
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerability. The vulnerability concerns the forgot password endpoint for IBM Security Identity Manager that could reveal valid users and allow the reset of their password.
Vulnerability Details
CVEID:CVE-2020-4795
**DESCRIPTION:**IBM Security Access Manager Appliance could disclose sensitive information to an unauthorized user using a specially crafted HTTP request.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189446 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Identity Governance and Intelligence | 5.2.6 |
Remediation/Fixes
| Product Name | VRMF | First Fix |
|---|---|---|
| IGI | 5.2.6 | 10.0.0.0-ISS-ISVG-IGVA-FP0000 |
Workarounds and Mitigations
None
Related
prion
prion
Design/Logic Flaw
2021-02-09 15:15:00
nvd
nvd
CVE-2020-4795
2021-02-09 15:15:13
cvelist
cvelist
CVE-2020-4795
2021-02-09 14:50:23
cve
cve
CVE-2020-4795
2021-02-09 15:15:13
EPSS
0.001
Percentile
24.2%
Related for F04DC94A46EEBA1CB33184BFD48E709613EA531A551F808450C79C8C35944153