Details of VAR-202010-1442

ID

VAR-202010-1442

CVE

CVE-2020-4660

TITLE

IBM Security Access Manager and IBM Security Verify Access Vulnerability regarding information leakage due to difference in response to security-related processing

Trust: 0.8

sources: JVNDB: JVNDB-2020-012244

DESCRIPTION

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. Vendor exploits this vulnerability IBM X-Force ID: 186140 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing

Trust: 2.7

sources: NVD: CVE-2020-4660 // JVNDB: JVNDB-2020-012244 // CNVD: CNVD-2020-59033 // CNNVD: CNNVD-202010-322

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-59033

AFFECTED PRODUCTS

vendor:	ibm	model:	security verify access	scope:	eq	version:	10.0.0	Trust: 2.4
vendor:	ibm	model:	security access manager	scope:	eq	version:	9.0.7.0	Trust: 1.0
vendor:	ibm	model:	security access manager	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	security access manager	scope:	eq	version:	9.0.7	Trust: 0.6

sources: CNVD: CNVD-2020-59033 // JVNDB: JVNDB-2020-012244 // NVD: CVE-2020-4660

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-4660
value:	MEDIUM
Trust: 1.0
psirt@us.ibm.com:	CVE-2020-4660
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-4660
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-59033
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202010-322
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-4660
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-59033
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@us.ibm.com:	CVE-2020-4660
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2020-4660
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2020-59033 // JVNDB: JVNDB-2020-012244 // CNNVD: CNNVD-202010-322 // NVD: CVE-2020-4660 // NVD: CVE-2020-4660

PROBLEMTYPE DATA

problemtype:	CWE-203	Trust: 1.0
problemtype:	Information leakage due to difference in response to security-related processing (CWE-203) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012244 // NVD: CVE-2020-4660

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-322

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-322

PATCH

title:	6346619 IBM X-Force Exchange	url:	https://www.ibm.com/support/pages/node/6346619	Trust: 0.8
title:	Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerability (CNVD-2020-59033)	url:	https://www.cnvd.org.cn/patchInfo/show/237682	Trust: 0.6
title:	IBM Security Access Manager Appliance Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130219	Trust: 0.6

sources: CNVD: CNVD-2020-59033 // JVNDB: JVNDB-2020-012244 // CNNVD: CNNVD-202010-322

EXTERNAL IDS

db:	NVD	id:	CVE-2020-4660	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-012244	Trust: 0.8
db:	CNVD	id:	CNVD-2020-59033	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3499	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-322	Trust: 0.6

sources: CNVD: CNVD-2020-59033 // JVNDB: JVNDB-2020-012244 // CNNVD: CNNVD-202010-322 // NVD: CVE-2020-4660

REFERENCES

url:	https://www.ibm.com/support/pages/node/6346619	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/186140	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-4660	Trust: 1.4
url:	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-cve-2020-4661-cve-2020-4699-cve-2020-4660/	Trust: 1.2
url:	https://www.auscert.org.au/bulletins/esb-2020.3499/	Trust: 0.6

sources: CNVD: CNVD-2020-59033 // JVNDB: JVNDB-2020-012244 // CNNVD: CNNVD-202010-322 // NVD: CVE-2020-4660

SOURCES

db:	CNVD	id:	CNVD-2020-59033
db:	JVNDB	id:	JVNDB-2020-012244
db:	CNNVD	id:	CNNVD-202010-322
db:	NVD	id:	CVE-2020-4660

LAST UPDATE DATE

2024-08-14T14:03:28.313000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-59033	date:	2020-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-012244	date:	2021-04-27T09:04:00
db:	CNNVD	id:	CNNVD-202010-322	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2020-4660	date:	2020-10-19T16:17:35.417

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-59033	date:	2020-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-012244	date:	2021-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202010-322	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2020-4660	date:	2020-10-12T13:15:12.383