Improper Authentication in IBM Security Access Manager Products
CVE-2019-4158

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
25 June 2019

Summary

IBM Security Access Manager versions 9.0.1 through 9.0.6 are affected by a vulnerability that fails to adequately prove a user's identity. This oversight may allow unauthorized users to gain access to resources and functionalities that should be restricted, posing a significant risk to the confidentiality and integrity of protected information. It is crucial for organizations using these versions to apply the necessary security patches and monitor access controls diligently to mitigate potential threats.

Affected Version(s)

Security Access Manager 9.0.1

Security Access Manager 9.0.3

Security Access Manager 9.0.4

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.