ID

VAR-202003-1349


CVE

CVE-2020-4205


TITLE

Authentication vulnerability in IBM DataPower Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2020-003006

DESCRIPTION

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revoked. IBM X-Force ID: 174961. IBM DataPower Gateway contains an authentication vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 174961. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform.

Trust: 1.71

sources: NVD: CVE-2020-4205 // JVNDB: JVNDB-2020-003006 // VULHUB: VHN-182330

AFFECTED PRODUCTS

vendor: ibm // model: datapower gateway // scope: lte // version: 2018.4.1.8

Trust: 1.0

vendor: ibm // model: datapower gateway // scope: gte // version: 2018.4.1.0

Trust: 1.0

vendor: ibm // model: datapower gateway // scope: eq // version: 2018.4.1.0 through 2018.4.1.8

Trust: 0.8

sources: JVNDB: JVNDB-2020-003006 // NVD: CVE-2020-4205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-4205
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2020-4205
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003006
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-1114
value: MEDIUM

Trust: 0.6

VULHUB: VHN-182330
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-4205
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003006
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-182330
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-4205
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

psirt@us.ibm.com: CVE-2020-4205
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.6
impactScore: 3.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-003006
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-182330 // JVNDB: JVNDB-2020-003006 // CNNVD: CNNVD-202003-1114 // NVD: CVE-2020-4205 // NVD: CVE-2020-4205

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-182330 // JVNDB: JVNDB-2020-003006 // NVD: CVE-2020-4205

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1114

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202003-1114

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003006

PATCH

title: 6090886 // url: https://www.ibm.com/support/pages/node/6090886

Trust: 0.8

title: ibm-datapower-cve20204205-sec-bypass (174961) // url: https://exchange.xforce.ibmcloud.com/vulnerabilities/174961

Trust: 0.8

title: IBM DataPower Gateway Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112600

Trust: 0.6

sources: JVNDB: JVNDB-2020-003006 // CNNVD: CNNVD-202003-1114

EXTERNAL IDS

db: NVD // id: CVE-2020-4205

Trust: 2.5

db: JVNDB // id: JVNDB-2020-003006

Trust: 0.8

db: CNNVD // id: CNNVD-202003-1114

Trust: 0.7

db: VULHUB // id: VHN-182330

Trust: 0.1

sources: VULHUB: VHN-182330 // JVNDB: JVNDB-2020-003006 // CNNVD: CNNVD-202003-1114 // NVD: CVE-2020-4205

REFERENCES

url:https://www.ibm.com/support/pages/node/6090886

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/174961

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-4205

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4205

Trust: 0.8

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-mq-appliance-cve-2020-4025-and-cve-2020-4203/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-certificates-not-removed-from-datapower-valcred-when-updating-corresponding-apic-truststore-cve-2020-4205/

Trust: 0.6

sources: VULHUB: VHN-182330 // JVNDB: JVNDB-2020-003006 // CNNVD: CNNVD-202003-1114 // NVD: CVE-2020-4205

SOURCES

db: VULHUB // id: VHN-182330
db: JVNDB // id: JVNDB-2020-003006
db: CNNVD // id: CNNVD-202003-1114
db: NVD // id: CVE-2020-4205

LAST UPDATE DATE

2024-11-23T23:11:32.313000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-182330 // date: 2020-03-20T00:00:00
db: JVNDB // id: JVNDB-2020-003006 // date: 2020-04-01T00:00:00
db: CNNVD // id: CNNVD-202003-1114 // date: 2020-07-27T00:00:00
db: NVD // id: CVE-2020-4205 // date: 2024-11-21T05:32:23.680

SOURCES RELEASE DATE

db: VULHUB // id: VHN-182330 // date: 2020-03-19T00:00:00
db: JVNDB // id: JVNDB-2020-003006 // date: 2020-04-01T00:00:00
db: CNNVD // id: CNNVD-202003-1114 // date: 2020-03-18T00:00:00
db: NVD // id: CVE-2020-4205 // date: 2020-03-19T14:15:12.473