Information Disclosure in IBM Verify Gateway from IBM
CVE-2020-4369

5.1MEDIUM

Key Information:

Vendor: IBM
Status: Verify Gateway (ivg)
Vendor: CVE Published:; 22 July 2020

What is CVE-2020-4369?

IBM Verify Gateway versions 1.0.0 and 1.0.1 are susceptible to an information disclosure vulnerability. The software stores highly sensitive information in cleartext, making it accessible to unauthorized users. This could lead to potential security breaches and compromises in user data. It is essential for organizations utilizing affected versions to implement security measures to protect sensitive information.

Affected Version(s)

Verify Gateway (IVG) 1.0.0

Verify Gateway (IVG) 1.0.1

References

https://www.ibm.com/support/pages/node/6251285

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/179004

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2020
Vulnerability Reserved
Dec 30, 2019