Hard-Coded Credentials Vulnerability in IBM SiteProtector Appliance
CVE-2020-4150

6.8MEDIUM

Key Information:

Vendor: IBM
Status: Security Siteprotector System
Vendor: CVE Published:; 11 July 2022

Summary

IBM SiteProtector Appliance 3.1.1 is susceptible to security risks due to the presence of hard-coded credentials that can be exploited by unauthorized users. These credentials, which may include passwords or cryptographic keys, are utilized for various purposes such as inbound authentication, outbound communication to other components, and encrypting internal data. The existence of these hard-coded values poses a significant risk, allowing potential attackers to gain unauthorized access or control over the affected system.

Affected Version(s)

Security SiteProtector System 3.1.1

References

https://www.ibm.com/support/pages/node/6602547

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/174142

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 11, 2022
Vulnerability Reserved
Dec 30, 2019