Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM090560DBE040563199C0AF74D57F74B6398D447529CFB10E8F396FD55655EA51
HistoryMay 13, 2022 - 6:58 p.m.

Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to sensitive information disclosure (CVE-2020-4957)

2022-05-1318:58:07
www.ibm.com
24

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

27.1%

JSON

Summary

IBM Security Identity Governance and Intelligence could disclose sensitive information in URL parameters due to a vulnerability in the Bulk Data Load module (CVE-2020-4957). This vulnerability is resolved by a code fix in the affected part of the product.

Vulnerability Details

CVEID:CVE-2020-4957
**DESCRIPTION:**IBM Security Identity Governance Virtual Appliance could disclose sensitive information in URL parameters that could aid in future attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192208 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Identity Governance and Intelligence 5.2.6

Remediation/Fixes

Affected Product(s) Version(s) First Fix
IBM Security Identity Governance and Intelligence 5.2.6 5.2.6.0-ISS-SIGI-FP0004

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsecurity_identity_governance_and_intelligenceMatch5.2.6

Related

cnvd 1
prion 1
nvd 1
cvelist 1
cve 1
cnvd
cnvd
IBM Security Identity Governance and Intelligence Information Disclosure Vulnerability (CNVD-2022-63183)
2022-05-20 00:00:00
prion
prion
Design/Logic Flaw
2022-05-17 16:15:00
nvd
nvd
CVE-2020-4957
2022-05-17 16:15:08
cvelist
cvelist
CVE-2020-4957
2022-05-13 00:00:00
cve
cve
CVE-2020-4957
2022-05-17 16:15:08

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

27.1%

JSON
Related for 090560DBE040563199C0AF74D57F74B6398D447529CFB10E8F396FD55655EA51
cnvd1prion1nvd1cvelist1cve1