Plaintext Credential Storage in IBM Security Guardium Insights
CVE-2020-4604

4.1MEDIUM

Key Information:

Vendor: IBM
Status: Security Guardium Insights
Vendor: CVE Published:; 13 January 2021

Summary

IBM Security Guardium Insights 2.0.2 contains a vulnerability where user credentials are stored unencrypted in plaintext. This design flaw allows a local privileged user to easily access and read sensitive credential information, posing a significant risk to data security and user privacy. It is crucial for organizations using this product to address this vulnerability promptly to mitigate the potential for unauthorized access and data breaches.

Affected Version(s)

Security Guardium Insights 2.0.2

References

https://www.ibm.com/support/pages/node/6403463

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/184881

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2021
Vulnerability Reserved
Dec 30, 2019