History: Jul 15, 2021 - 7:05 p.m.

Security Bulletin: IBM Data Replication Management Console Authentication By-pass against LDAP directories using anonymous binding

2021-07-15 19:05:50
www.ibm.com
Tags: ibm data replication, management console, ldap authentication, vulnerability, fix, ibm infosphere data replication

EPSS: 0.003 (Percentile: 68.7%)

Summary

This bulletin covers a vulnerability in the Management Console client: authentication may be by-passed when the console is configured to authenticate against LDAP directories that allow anonymous binding.

Vulnerability Details

**CVEID:** CVE-2020-4821
**DESCRIPTION:** IBM Cognos Controller, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189834 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
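
The interaction between an empty password and a directory that allows anonymous binding, shown as an added example that is not IBM's code. `ModelDirectory` is a constructed in-memory stand-in that follows the RFC 4513 simple-bind rules; the assumption that a client treats any successful bind as a login, and all names and sample data, are illustrative.

```python
from dataclasses import dataclass

ALICE = "uid=alice,ou=people,dc=example,dc=com"  # constructed sample DN

@dataclass
class ModelDirectory:
    """Constructed stand-in for an LDAP server's simple bind (RFC 4513, 5.1)."""
    users: dict                   # DN -> password, constructed sample data
    allow_anonymous: bool = True  # simplification: one switch covers both
                                  # anonymous and unauthenticated binds

    def simple_bind(self, dn: str, password: str) -> str:
        # An empty password never verifies the DN: RFC 4513 calls this an
        # anonymous (empty DN) or unauthenticated (non-empty DN) bind, and
        # the resulting session carries an anonymous authorization state.
        if password == "":
            if self.allow_anonymous:
                return "anonymous"
            raise PermissionError("unwillingToPerform")
        if self.users.get(dn) == password:
            return dn
        raise PermissionError("invalidCredentials")

def login_bind_only(directory: ModelDirectory, dn: str, password: str) -> bool:
    """Weak pattern (assumed): any bind that does not fail counts as a login."""
    try:
        directory.simple_bind(dn, password)
        return True
    except PermissionError:
        return False

def login_checked(directory: ModelDirectory, dn: str, password: str) -> bool:
    """Hardened: reject empty credentials before binding, then require that
    the identity the directory bound is the one the user claimed."""
    if not dn or not password:
        return False
    try:
        return directory.simple_bind(dn, password) == dn
    except PermissionError:
        return False

if __name__ == "__main__":
    d = ModelDirectory(users={ALICE: "correct horse"})
    print("bind-only, empty password:", login_bind_only(d, ALICE, ""))
    print("checked,   empty password:", login_checked(d, ALICE, ""))
    print("checked,   real password: ", login_checked(d, ALICE, "correct horse"))
```

Setting `allow_anonymous=False` on the model shows the server-side control: the bind-only client then also rejects the empty password.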

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| InfoSphere Data Replication | 11.4.0 |
| InfoSphere Data Replication | 11.4 |

Remediation/Fixes

Update to the latest offering fix pack found here:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%3FInformation%20Management&product=ibm/Information+Management/IBM+InfoSphere+Data+Replication&release=11.4&platform=All&function=all&source=fc

Workarounds and Mitigations

None
