Information Exposure in IBM Security Identity Manager Virtual Appliance
CVE-2019-4676

6.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 July 2020

Summary

The IBM Security Identity Manager Virtual Appliance 7.0.2 is susceptible to a vulnerability where user credentials are stored in plain text. This design flaw allows an unauthorized local user to access sensitive information, posing a significant security risk. It's essential for organizations utilizing this product to review their configurations and implement necessary security measures to protect user credentials.

Affected Version(s)

Security Identity Manager Virtual Appliance 7.0.2

References

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.