Weak Cryptographic Algorithms in IBM Security Access Manager
CVE-2019-4156

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Security Access Manager
Vendor: CVE Published:; 25 June 2019

Summary

IBM Security Access Manager versions 9.0.1 through 9.0.6 utilize cryptographic algorithms that do not meet expected security standards. This weakness can be exploited by attackers, enabling them to decrypt sensitive information and potentially compromise data integrity and confidentiality. Organizations using the affected versions are advised to review their cryptographic implementations and apply necessary updates to mitigate risks.

Affected Version(s)

Security Access Manager 9.0.1

Security Access Manager 9.0.3

Security Access Manager 9.0.4

References

https://www.ibm.com/support/docview.wss?uid=ibm10888379

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/158572

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2019
Vulnerability Reserved
Jan 3, 2019