Information Disclosure Vulnerability in IBM Security Identity Governance and Intelligence
CVE-2020-4791

6.9MEDIUM

Key Information:

Vendor: IBM
Status: Security Identity Governance And Intelligence
Vendor: CVE Published:; 9 February 2021

Summary

A vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 allows attackers to exploit improper certificate validation, potentially leading to sensitive information exposure through man-in-the-middle attacks. This flaw emphasizes the importance of robust security practices and proper certificate handling to safeguard against unauthorized access to critical data.

Affected Version(s)

Security Identity Governance and Intelligence 5.2.6

References

https://www.ibm.com/support/pages/node/6403265

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/189379

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 9, 2021
Vulnerability Reserved
Dec 30, 2019