Inadequate Account Lockout in IBM Verify Gateway
CVE-2020-4400

7.5HIGH

Key Information:

Vendor: IBM
Status: Verify Gateway (ivg)
Vendor: CVE Published:; 22 July 2020

What is CVE-2020-4400?

IBM Verify Gateway versions 1.0.0 and 1.0.1 have been found to possess a vulnerability stemming from inadequate account lockout settings. This weakness potentially enables remote attackers to perform brute force attacks on user account credentials, increasing the risk of unauthorized access to sensitive information.

Affected Version(s)

Verify Gateway (IVG) 1.0.0

Verify Gateway (IVG) 1.0.1

References

https://www.ibm.com/support/pages/node/6251279

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/179478

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2020
Vulnerability Reserved
Dec 30, 2019