ID

VAR-202007-1087


CVE

CVE-2020-4185


TITLE

IBM Security Guardium Vulnerability in using cryptographic algorithms in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008973

DESCRIPTION

IBM Security Guardium 10.5, 10.6, and 11.1 use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803. The vendor has published this vulnerability as IBM X-Force ID: 174803. Information may be obtained. IBM Security Guardium is a platform from IBM in the United States that provides data protection functions. The platform includes functions such as custom UI, report management, and streamlined audit process construction. Attackers can use this vulnerability to obtain sensitive information.

Trust: 2.25

sources: NVD: CVE-2020-4185 // JVNDB: JVNDB-2020-008973 // CNVD: CNVD-2020-45116 // VULMON: CVE-2020-4185

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-45116

AFFECTED PRODUCTS

vendor: ibm, model: security guardium, scope: eq, version: 10.5

Trust: 2.4

vendor: ibm, model: security guardium, scope: eq, version: 10.6

Trust: 2.4

vendor: ibm, model: security guardium, scope: eq, version: 11.1

Trust: 2.4

sources: CNVD: CNVD-2020-45116 // JVNDB: JVNDB-2020-008973 // NVD: CVE-2020-4185

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-4185
value: HIGH

Trust: 1.0

psirt@us.ibm.com: CVE-2020-4185
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008973
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-45116
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202007-1699
value: HIGH

Trust: 0.6

VULMON: CVE-2020-4185
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-4185
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-008973
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-45116
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-4185
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@us.ibm.com: CVE-2020-4185
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008973
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-45116 // VULMON: CVE-2020-4185 // JVNDB: JVNDB-2020-008973 // CNNVD: CNNVD-202007-1699 // NVD: CVE-2020-4185 // NVD: CVE-2020-4185

PROBLEMTYPE DATA

problemtype: CWE-327

Trust: 1.8

sources: JVNDB: JVNDB-2020-008973 // NVD: CVE-2020-4185

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1699

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202007-1699

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008973

PATCH

title: 6254369, url: https://www.ibm.com/support/pages/node/6254369

Trust: 0.8

title: ibm-guardium-cve20204185-info-disc (174803), url: https://exchange.xforce.ibmcloud.com/vulnerabilities/174803

Trust: 0.8

title: Patch for IBM Security Guardium encryption issue vulnerability (CNVD-2020-45116), url: https://www.cnvd.org.cn/patchInfo/show/229990

Trust: 0.6

title: IBM Security Guardium Fixes for encryption problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125724

Trust: 0.6

sources: CNVD: CNVD-2020-45116 // JVNDB: JVNDB-2020-008973 // CNNVD: CNNVD-202007-1699

EXTERNAL IDS

db: NVD, id: CVE-2020-4185

Trust: 3.1

db: JVNDB, id: JVNDB-2020-008973

Trust: 0.8

db: CNVD, id: CNVD-2020-45116

Trust: 0.6

db: NSFOCUS, id: 47852

Trust: 0.6

db: CNNVD, id: CNNVD-202007-1699

Trust: 0.6

db: VULMON, id: CVE-2020-4185

Trust: 0.1

sources: CNVD: CNVD-2020-45116 // VULMON: CVE-2020-4185 // JVNDB: JVNDB-2020-008973 // CNNVD: CNNVD-202007-1699 // NVD: CVE-2020-4185

REFERENCES

url: https://www.ibm.com/support/pages/node/6254369

Trust: 1.7

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/174803

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-4185

Trust: 1.4

url: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-broken-or-risky-cryptographic-algorithm-vulnerability/

Trust: 1.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4185

Trust: 0.8

url: http://www.nsfocus.net/vulndb/47852

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/327.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-45116 // VULMON: CVE-2020-4185 // JVNDB: JVNDB-2020-008973 // CNNVD: CNNVD-202007-1699 // NVD: CVE-2020-4185

SOURCES

db: CNVD, id: CNVD-2020-45116
db: VULMON, id: CVE-2020-4185
db: JVNDB, id: JVNDB-2020-008973
db: CNNVD, id: CNNVD-202007-1699
db: NVD, id: CVE-2020-4185

LAST UPDATE DATE

2024-08-14T15:17:32.461000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-45116, date: 2020-08-09T00:00:00
db: VULMON, id: CVE-2020-4185, date: 2020-08-05T00:00:00
db: JVNDB, id: JVNDB-2020-008973, date: 2020-10-13T00:00:00
db: CNNVD, id: CNNVD-202007-1699, date: 2020-08-18T00:00:00
db: NVD, id: CVE-2020-4185, date: 2020-08-05T13:51:39.510

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-45116, date: 2020-08-09T00:00:00
db: VULMON, id: CVE-2020-4185, date: 2020-07-30T00:00:00
db: JVNDB, id: JVNDB-2020-008973, date: 2020-10-13T00:00:00
db: CNNVD, id: CNNVD-202007-1699, date: 2020-07-29T00:00:00
db: NVD, id: CVE-2020-4185, date: 2020-07-30T13:15:11.157