Improper Authentication in IBM Security Access Manager Products
CVE-2019-4158
5.4MEDIUM
Summary
IBM Security Access Manager versions 9.0.1 through 9.0.6 are affected by a vulnerability that fails to adequately prove a user's identity. This oversight may allow unauthorized users to gain access to resources and functionalities that should be restricted, posing a significant risk to the confidentiality and integrity of protected information. It is crucial for organizations using these versions to apply the necessary security patches and monitor access controls diligently to mitigate potential threats.
Affected Version(s)
Security Access Manager 9.0.1
Security Access Manager 9.0.3
Security Access Manager 9.0.4
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved