Local File Reading Vulnerability in IBM Application Performance Monitoring UI
CVE-2020-4726

4MEDIUM

Key Information:

Vendor: IBM
Status: Cloud Apm
Vendor: CVE Published:; 2 March 2021

Summary

The IBM Application Performance Monitoring UI in version 8.1.4 has a vulnerability that allows web pages to be stored locally. This can enable unauthorized users on the same system to read files that should remain isolated. This could potentially lead to exposure of sensitive information, impacting the overall security of the application environment. Organizations using this version should assess their systems for any potential risks linked to this behavior.

Affected Version(s)

Cloud APM 8.1.4

References

https://www.ibm.com/support/pages/node/6417137

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/187975

vdb-entryx_refsource_XF

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 2, 2021
Vulnerability Reserved
Dec 30, 2019