Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF8AF649307F22B67EC00EBFE0883D078B4E909C0894EE87424F1058FA523C39C
HistoryJan 26, 2021 - 5:29 p.m.

Security Bulletin: IBM Cloud Pak for Security could allow a remote user to obtain sensitive information from HTTP response headers (CVE-2020-4815)

2021-01-2617:29:58
www.ibm.com
4

0.001 Low

EPSS

Percentile

42.1%

JSON

Summary

In Cloud Pak for Security 1.4.0.0, a remote user may be able to obtain sensitive information from HTTP response that could be utilised by an attacker. This has been addressed in an update.

Vulnerability Details

CVEID:CVE-2020-4815
**DESCRIPTION:**IBM Cloud Pak for Security (CP4S) could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189639 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Cloud Pak for Security (CP4S) 1.4.0.0

Remediation/Fixes

Upgrade to CP4S 1.5.0.0 or greater at <https://cloud.ibm.com/catalog/content/ibm-cp-security-b25bd169-0fbd-4cf3-a8ea-0067316158a4-global&gt; or following <https://www.ibm.com/support/knowledgecenter/en/SSTDPP_1.5.0/platform/docs/security-pak/upgrading.html&gt;

Workarounds and Mitigations

None

Related

prion 1
cve 1
cvelist 1
nvd 1
prion
prion
Information disclosure
2021-01-27 13:15:00
cve
cve
CVE-2020-4815
2021-01-27 13:15:13
cvelist
cvelist
CVE-2020-4815
2021-01-26 00:00:00
nvd
nvd
CVE-2020-4815
2021-01-27 13:15:13

0.001 Low

EPSS

Percentile

42.1%

JSON
Related for F8AF649307F22B67EC00EBFE0883D078B4E909C0894EE87424F1058FA523C39C
prion1cve1cvelist1nvd1