Lucene search
IBME957856EF57CA0566520011AF9EE566C1768E4C101B3FD82EDE8BF38E3EC2612HistoryJan 20, 2021 - 9:11 a.m.
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4958)
2021-01-2009:11:26
www.ibm.com
13
ibm security
identity governance
vulnerability
rmi connectors
authentication
cve-2020-4958
cvss
igi release
fix
version 5.2.6
EPSS
0.002
Percentile
51.5%
Summary
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerability. The vulnerability is due to the RMI connectors that do not appear to be authenticated.
Vulnerability Details
CVEID:CVE-2020-4958
**DESCRIPTION:**IBM Security Identity Governance Virtual Appliance does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192209 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Identity Governance and Intelligence | 5.2.6 |
Remediation/Fixes
| Product Name | VRMF | First Fix |
|---|---|---|
| IGI | 5.2.6 | 10.0.0.0-ISS-ISVG-IGVA-FP0000 |
Workarounds and Mitigations
None
Related
cvelist
cvelist
CVE-2020-4958
2021-01-21 14:00:26
nvd
nvd
CVE-2020-4958
2021-01-21 14:15:12
prion
prion
Authentication flaw
2021-01-21 14:15:00
cve
cve
CVE-2020-4958
2021-01-21 14:15:12
EPSS
0.002
Percentile
51.5%
Related for E957856EF57CA0566520011AF9EE566C1768E4C101B3FD82EDE8BF38E3EC2612