Improper Authentication in IBM Security Access Manager Products
CVE-2019-4158

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Security Access Manager
Vendor: CVE Published:; 25 June 2019

Summary

IBM Security Access Manager versions 9.0.1 through 9.0.6 are affected by a vulnerability that fails to adequately prove a user's identity. This oversight may allow unauthorized users to gain access to resources and functionalities that should be restricted, posing a significant risk to the confidentiality and integrity of protected information. It is crucial for organizations using these versions to apply the necessary security patches and monitor access controls diligently to mitigate potential threats.

Affected Version(s)

Security Access Manager 9.0.1

Security Access Manager 9.0.3

Security Access Manager 9.0.4

References

https://www.ibm.com/support/docview.wss?uid=ibm10888379

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/158574

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2019
Vulnerability Reserved
Jan 3, 2019