Mar 17, 2021 - 4:50 p.m.

Security Bulletin: IBM Resilient vulnerable to username enumeration (CVE-2020-4635)

2021-03-17 16:50:30
www.ibm.com
EPSS: 0.001 (Low)
Percentile: 27.9%

Summary

IBM Resilient could disclose sensitive information by allowing a user to enumerate usernames. An attacker may use this to determine if a user exists or not.

Vulnerability Details

CVEID: CVE-2020-4635
**DESCRIPTION:** IBM Resilient could disclose sensitive information by allowing a user to enumerate usernames.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185502 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Resilient OnPrem | IBM Security SOAR |

Remediation/Fixes

Users must upgrade to v40.1 of IBM Resilient in order to obtain a fix for this vulnerability. This version implements a rate-limiting and fuzzing feature to defend against such attacks.

You can upgrade the platform by following the instructions in the “Upgrade Procedure” section in the IBM Knowledge Center.

Workarounds and Mitigations

None
