Hard-Coded Credential Vulnerability in IBM Verify Gateway
CVE-2020-4385

6.8MEDIUM

Key Information:

Vendor: IBM
Status: Verify Gateway (ivg)
Vendor: CVE Published:; 22 July 2020

Summary

IBM Verify Gateway versions 1.0.0 and 1.0.1 are affected by a vulnerability involving hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. This security flaw exposes systems to potential unauthorized access and data breaches, putting sensitive information at risk.

Affected Version(s)

Verify Gateway (IVG) 1.0.0

Verify Gateway (IVG) 1.0.1

References

https://www.ibm.com/support/pages/node/6251291

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/179266

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 22, 2020
Vulnerability Reserved
Dec 30, 2019