User Credential Exposure in IBM Verify Gateway by IBM
CVE-2020-4372

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Verify Gateway (ivg)
Vendor: CVE Published:; 22 July 2020

What is CVE-2020-4372?

The IBM Verify Gateway (IVG) versions 1.0.0 and 1.0.1 are susceptible to a security vulnerability where user credentials are stored in plain text. This flaw allows local users to access sensitive information, heightening the risk of unauthorized access and potential account compromise. Organizations using these versions are advised to implement immediate remediation steps to safeguard against this vulnerability. For more details, you can refer to the IBM support page and the X-Force Exchange.

Affected Version(s)

Verify Gateway (IVG) 1.0.0

Verify Gateway (IVG) 1.0.1

References

https://www.ibm.com/support/pages/node/6251289

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/179009

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2020
Vulnerability Reserved
Dec 30, 2019