Sign-up

ID

VAR-202007-1087


CVE

CVE-2020-4185


TITLE

IBM Security Guardium Vulnerability in using cryptographic algorithms in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008973

DESCRIPTION

IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803. Vendor exploits this vulnerability IBM X-Force ID: 174803 It is published as.Information may be obtained. IBM Security Guardium is a platform that provides data protection functions from IBM in the United States. The platform includes functions such as custom UI, report management, and streamlined audit process construction. Attackers can use this vulnerability to obtain sensitive information

Trust: 2.25

sources: NVD: CVE-2020-4185 // JVNDB: JVNDB-2020-008973 // CNVD: CNVD-2020-45116 // VULMON: CVE-2020-4185

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-45116

AFFECTED PRODUCTS

vendor:ibmmodel:security guardiumscope:eqversion:10.5

Trust: 2.4

vendor:ibmmodel:security guardiumscope:eqversion:10.6

Trust: 2.4

vendor:ibmmodel:security guardiumscope:eqversion:11.1

Trust: 2.4

sources: CNVD: CNVD-2020-45116 // JVNDB: JVNDB-2020-008973 // NVD: CVE-2020-4185

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-4185
value: HIGH

Trust: 1.0

psirt@us.ibm.com: CVE-2020-4185
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008973
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-45116
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202007-1699
value: HIGH

Trust: 0.6

VULMON: CVE-2020-4185
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-4185
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-008973
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-45116
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-4185
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@us.ibm.com: CVE-2020-4185
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008973
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-45116 // VULMON: CVE-2020-4185 // JVNDB: JVNDB-2020-008973 // CNNVD: CNNVD-202007-1699 // NVD: CVE-2020-4185 // NVD: CVE-2020-4185

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.8

sources: JVNDB: JVNDB-2020-008973 // NVD: CVE-2020-4185

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1699

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202007-1699

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008973

PATCH
title:6254369url:https://www.ibm.com/support/pages/node/6254369
Trust: 0.8
title:ibm-guardium-cve20204185-info-disc (174803)url:https://exchange.xforce.ibmcloud.com/vulnerabilities/174803
Trust: 0.8
title:Patch for IBM Security Guardium encryption issue vulnerability (CNVD-2020-45116)url:https://www.cnvd.org.cn/patchInfo/show/229990
Trust: 0.6
title:IBM Security Guardium Fixes for encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125724
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-45116 // 
            
            
            
            JVNDB: JVNDB-2020-008973 // 
            
            
            
            CNNVD: CNNVD-202007-1699

EXTERNAL IDS
db:NVDid:CVE-2020-4185
Trust: 3.1
db:JVNDBid:JVNDB-2020-008973
Trust: 0.8
db:CNVDid:CNVD-2020-45116
Trust: 0.6
db:NSFOCUSid:47852
Trust: 0.6
db:CNNVDid:CNNVD-202007-1699
Trust: 0.6
db:VULMONid:CVE-2020-4185
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-45116 // 
            
            
            
            VULMON: CVE-2020-4185 // 
            
            
            
            JVNDB: JVNDB-2020-008973 // 
            
            
            
            CNNVD: CNNVD-202007-1699 // 
            
            
            
            NVD: CVE-2020-4185

REFERENCES
url:https://www.ibm.com/support/pages/node/6254369
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/174803
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-4185
Trust: 1.4
url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-broken-or-risky-cryptographic-algorithm-vulnerability/
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4185
Trust: 0.8
url:http://www.nsfocus.net/vulndb/47852
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/327.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-45116 // 
            
            
            
            VULMON: CVE-2020-4185 // 
            
            
            
            JVNDB: JVNDB-2020-008973 // 
            
            
            
            CNNVD: CNNVD-202007-1699 // 
            
            
            
            NVD: CVE-2020-4185

SOURCES
db:CNVDid:CNVD-2020-45116
db:VULMONid:CVE-2020-4185
db:JVNDBid:JVNDB-2020-008973
db:CNNVDid:CNNVD-202007-1699
db:NVDid:CVE-2020-4185

LAST UPDATE DATE
2024-08-14T15:17:32.461000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-45116date:2020-08-09T00:00:00
db:VULMONid:CVE-2020-4185date:2020-08-05T00:00:00
db:JVNDBid:JVNDB-2020-008973date:2020-10-13T00:00:00
db:CNNVDid:CNNVD-202007-1699date:2020-08-18T00:00:00
db:NVDid:CVE-2020-4185date:2020-08-05T13:51:39.510

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-45116date:2020-08-09T00:00:00
db:VULMONid:CVE-2020-4185date:2020-07-30T00:00:00
db:JVNDBid:JVNDB-2020-008973date:2020-10-13T00:00:00
db:CNNVDid:CNNVD-202007-1699date:2020-07-29T00:00:00
db:NVDid:CVE-2020-4185date:2020-07-30T13:15:11.157