Weak Cryptographic Algorithms in IBM Security Access Manager
CVE-2019-4151

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Security Access Manager
Vendor: CVE Published:; 25 June 2019

Summary

IBM Security Access Manager versions 9.0.1 to 9.0.6 have been identified to use encryption algorithms that do not meet expected security standards. This vulnerability potentially allows attackers to decrypt sensitive information, presenting a significant risk to data integrity and confidentiality. Organizations using affected versions are urged to review their security measures and apply relevant patches or updates to mitigate risks associated with this cryptographic weakness.

Affected Version(s)

Security Access Manager 9.0.1

Security Access Manager 9.0.3

Security Access Manager 9.0.4

References

https://www.ibm.com/support/docview.wss?uid=ibm10888379

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/158512

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2019
Vulnerability Reserved
Jan 3, 2019