ID

VAR-202007-1081


CVE

CVE-2020-4369


TITLE

IBM Verify Gateway Vulnerability in plaintext storage of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008193

DESCRIPTION

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004. The vendor has published this vulnerability as IBM X-Force ID: 179004. Information may be obtained. IBM Verify Gateway (IVG) is a set of cloud-based identity verification solutions from IBM Corporation in the United States. A security vulnerability exists in IBM IVG PAM versions 1.0.0 and 1.0.1 because the program allows sensitive information to be transmitted in clear text. An attacker could exploit this vulnerability to obtain information.

Trust: 1.71

sources: NVD: CVE-2020-4369 // JVNDB: JVNDB-2020-008193 // VULHUB: VHN-182494

AFFECTED PRODUCTS

vendor: ibm, model: verify gateway, scope: eq, version: 1.0.0

Trust: 1.8

vendor: ibm, model: verify gateway, scope: eq, version: 1.0.1

Trust: 1.8

sources: JVNDB: JVNDB-2020-008193 // NVD: CVE-2020-4369

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-4369
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2020-4369
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008193
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-1344
value: MEDIUM

Trust: 0.6

VULHUB: VHN-182494
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-4369
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008193
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-182494
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-4369
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@us.ibm.com: CVE-2020-4369
baseSeverity: MEDIUM
baseScore: 5.1
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.4
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008193
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-182494 // JVNDB: JVNDB-2020-008193 // CNNVD: CNNVD-202007-1344 // NVD: CVE-2020-4369 // NVD: CVE-2020-4369

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.9

sources: VULHUB: VHN-182494 // JVNDB: JVNDB-2020-008193 // NVD: CVE-2020-4369

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1344

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-1344

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008193

PATCH

title: 6251285, url: https://www.ibm.com/support/pages/node/6251285

Trust: 0.8

title: ibm-ivg-cve20204369-info-disc (179004), url: https://exchange.xforce.ibmcloud.com/vulnerabilities/179004

Trust: 0.8

title: IBM Verify Gateway Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124719

Trust: 0.6

sources: JVNDB: JVNDB-2020-008193 // CNNVD: CNNVD-202007-1344

EXTERNAL IDS

db: NVD, id: CVE-2020-4369

Trust: 2.5

db: JVNDB, id: JVNDB-2020-008193

Trust: 0.8

db: CNNVD, id: CNNVD-202007-1344

Trust: 0.7

db: NSFOCUS, id: 49297

Trust: 0.6

db: CNVD, id: CNVD-2020-44073

Trust: 0.1

db: VULHUB, id: VHN-182494

Trust: 0.1

sources: VULHUB: VHN-182494 // JVNDB: JVNDB-2020-008193 // CNNVD: CNNVD-202007-1344 // NVD: CVE-2020-4369

REFERENCES

url:https://www.ibm.com/support/pages/node/6251285

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/179004

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-4369

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4369

Trust: 0.8

url:http://www.nsfocus.net/vulndb/49297

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-pam-components-default-to-cleartext-storage-of-client-secret-cve-2020-4369/

Trust: 0.6

sources: VULHUB: VHN-182494 // JVNDB: JVNDB-2020-008193 // CNNVD: CNNVD-202007-1344 // NVD: CVE-2020-4369

SOURCES

db: VULHUB, id: VHN-182494
db: JVNDB, id: JVNDB-2020-008193
db: CNNVD, id: CNNVD-202007-1344
db: NVD, id: CVE-2020-4369

LAST UPDATE DATE

2024-11-23T23:11:23.117000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-182494, date: 2020-07-24T00:00:00
db: JVNDB, id: JVNDB-2020-008193, date: 2020-09-04T00:00:00
db: CNNVD, id: CNNVD-202007-1344, date: 2020-09-30T00:00:00
db: NVD, id: CVE-2020-4369, date: 2024-11-21T05:32:39.410

SOURCES RELEASE DATE

db: VULHUB, id: VHN-182494, date: 2020-07-22T00:00:00
db: JVNDB, id: JVNDB-2020-008193, date: 2020-09-04T00:00:00
db: CNNVD, id: CNNVD-202007-1344, date: 2020-07-21T00:00:00
db: NVD, id: CVE-2020-4369, date: 2020-07-22T21:15:12.107