Lucene search
IBMCEC45E862F5ED48B112F9FC332F0591390834F4CE89E5FBBFE5CE08AEB87F2E5HistoryOct 09, 2020 - 7:44 p.m.
Security Bulletin: IBM Security Guardium is affected by a Hard-coded passwords vulnerability
2020-10-0919:44:01
www.ibm.com
8
0.0004 Low
EPSS
Percentile
12.6%
Summary
IBM Security Guardium has addressed the following vulnerabilities.
Vulnerability Details
CVEID:CVE-2020-4190
**DESCRIPTION:**IBM Security Guardium contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVSS Base score: 4.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174851 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Guardium | 10.5 |
| IBM Security Guardium | 10.6 |
| IBM Security Guardium | 11.0 |
| IBM Security Guardium | 11.1 |
Remediation/Fixes
Product
|
VRMF
|
Remediation / First Fix
—|—|—
IBM Security Guardium | 10.5 | | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p535_Bundle_Jul-16-2020&includeSupersedes=0&source=fc
IBM Security Guardium | 10.6 | | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p650_Bundle_Jun-01-2020&includeSupersedes=0&source=fc
IBM Security Guardium | 11.0 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p30_Bundle_Aug-25-2020&includeSupersedes=0&source=fc
IBM Security Guardium | 11.1 | | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p115_Bundle_May-19-2020&includeSupersedes=0&source=fc
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security guardium | eq | 10.5.0 | |
| ibm security guardium | eq | 10.6.0 | |
| ibm security guardium | eq | 11.0.0 | |
| ibm security guardium | eq | 11.1.0 |
Related
prion
prion
Hardcoded credentials
2020-06-03 15:15:00
cve
cve
CVE-2020-4190
2020-06-03 15:15:12
cvelist
cvelist
CVE-2020-4190
2020-06-02 00:00:00
nvd
nvd
CVE-2020-4190
2020-06-03 15:15:12
0.0004 Low
EPSS
Percentile
12.6%
Related for CEC45E862F5ED48B112F9FC332F0591390834F4CE89E5FBBFE5CE08AEB87F2E5