Apr 07, 2020 - 4:44 p.m.

Security Bulletin: IBM Security Information Queue could reveal sensitive data in application error messages (CVE-2020-4164)

2020-04-07 16:44:02
www.ibm.com

EPSS: 0.001 (Low), Percentile: 19.6%

Summary

In response to certain application errors, IBM Security Information Queue (ISIQ) could output messages that contain sensitive data, which could then be used to gain unauthorized system access. As of v1.0.6, ISIQ no longer includes sensitive data when outputting error messages.

Vulnerability Details

**CVEID:** CVE-2020-4164
**DESCRIPTION:** IBM Security Information Queue (ISIQ) could expose sensitive information from application errors which could be used in further attacks against the system.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174400 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Security Information Queue (ISIQ) | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5 |

Remediation/Fixes

Download and install the latest IBM Security Information Queue images (tagged at 1.0.6 or greater) from the Docker Hub repository. The instructions for accessing and deploying the images can be found on the ISIQ starter kit page: <https://www.ibm.com/support/pages/ibm-security-information-queue-starter-kit>

Workarounds and Mitigations

None
