Details of VAR-202010-1443

ID

VAR-202010-1443

CVE

CVE-2020-4661

TITLE

IBM Security Access Manager and IBM Security Verify Access Vulnerability regarding information leakage due to difference in response to security-related processing

Trust: 0.8

sources: JVNDB: JVNDB-2020-012245

DESCRIPTION

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. Vendor exploits this vulnerability IBM X-Force ID: 186142 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing

Trust: 3.78

sources: NVD: CVE-2020-4661 // JVNDB: JVNDB-2020-012245 // CNVD: CNVD-2020-59035 // CNVD: CNVD-2020-59034 // CNVD: CNVD-2020-59033 // CNNVD: CNNVD-202010-333

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 1.8

sources: CNVD: CNVD-2020-59035 // CNVD: CNVD-2020-59034 // CNVD: CNVD-2020-59033

AFFECTED PRODUCTS

vendor:	ibm	model:	security verify access	scope:	eq	version:	10.0.0	Trust: 3.6
vendor:	ibm	model:	security access manager	scope:	eq	version:	9.0.7	Trust: 1.8
vendor:	ibm	model:	security access manager	scope:	eq	version:	9.0.7.0	Trust: 1.0
vendor:	ibm	model:	security access manager	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2020-59035 // CNVD: CNVD-2020-59034 // CNVD: CNVD-2020-59033 // JVNDB: JVNDB-2020-012245 // NVD: CVE-2020-4661

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-4661
value:	MEDIUM
Trust: 1.0
psirt@us.ibm.com:	CVE-2020-4661
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-4661
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-59035
value:	LOW
Trust: 0.6
CNVD:	CNVD-2020-59034
value:	LOW
Trust: 0.6
CNVD:	CNVD-2020-59033
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202010-333
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-4661
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-59035
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2020-59034
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2020-59033
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@us.ibm.com:	CVE-2020-4661
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2020-4661
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2020-59035 // CNVD: CNVD-2020-59034 // CNVD: CNVD-2020-59033 // JVNDB: JVNDB-2020-012245 // CNNVD: CNNVD-202010-333 // NVD: CVE-2020-4661 // NVD: CVE-2020-4661

PROBLEMTYPE DATA

problemtype:	CWE-203	Trust: 1.0
problemtype:	Information leakage due to difference in response to security-related processing (CWE-203) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012245 // NVD: CVE-2020-4661

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-333

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-333

PATCH

title:	6346619 IBM X-Force Exchange	url:	https://www.ibm.com/support/pages/node/6346619	Trust: 0.8
title:	Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/237688	Trust: 0.6
title:	Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerability (CNVD-2020-59034)	url:	https://www.cnvd.org.cn/patchInfo/show/237685	Trust: 0.6
title:	Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerability (CNVD-2020-59033)	url:	https://www.cnvd.org.cn/patchInfo/show/237682	Trust: 0.6
title:	IBM Security Access Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130220	Trust: 0.6

sources: CNVD: CNVD-2020-59035 // CNVD: CNVD-2020-59034 // CNVD: CNVD-2020-59033 // JVNDB: JVNDB-2020-012245 // CNNVD: CNNVD-202010-333

EXTERNAL IDS

db:	NVD	id:	CVE-2020-4661	Trust: 4.2
db:	JVNDB	id:	JVNDB-2020-012245	Trust: 0.8
db:	CNVD	id:	CNVD-2020-59035	Trust: 0.6
db:	CNVD	id:	CNVD-2020-59034	Trust: 0.6
db:	CNVD	id:	CNVD-2020-59033	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3499	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-333	Trust: 0.6

sources: CNVD: CNVD-2020-59035 // CNVD: CNVD-2020-59034 // CNVD: CNVD-2020-59033 // JVNDB: JVNDB-2020-012245 // CNNVD: CNNVD-202010-333 // NVD: CVE-2020-4661

REFERENCES

url:	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-cve-2020-4661-cve-2020-4699-cve-2020-4660/	Trust: 2.4
url:	https://www.ibm.com/support/pages/node/6346619	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/186142	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-4661	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3499/	Trust: 0.6

sources: CNVD: CNVD-2020-59035 // CNVD: CNVD-2020-59034 // CNVD: CNVD-2020-59033 // JVNDB: JVNDB-2020-012245 // CNNVD: CNNVD-202010-333 // NVD: CVE-2020-4661

SOURCES

db:	CNVD	id:	CNVD-2020-59035
db:	CNVD	id:	CNVD-2020-59034
db:	CNVD	id:	CNVD-2020-59033
db:	JVNDB	id:	JVNDB-2020-012245
db:	CNNVD	id:	CNNVD-202010-333
db:	NVD	id:	CVE-2020-4661

LAST UPDATE DATE

2024-08-14T14:03:28.340000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-59035	date:	2020-10-27T00:00:00
db:	CNVD	id:	CNVD-2020-59034	date:	2020-10-27T00:00:00
db:	CNVD	id:	CNVD-2020-59033	date:	2020-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-012245	date:	2021-04-27T09:04:00
db:	CNNVD	id:	CNNVD-202010-333	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2020-4661	date:	2020-10-19T15:02:24.347

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-59035	date:	2020-10-27T00:00:00
db:	CNVD	id:	CNVD-2020-59034	date:	2020-10-27T00:00:00
db:	CNVD	id:	CNVD-2020-59033	date:	2020-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-012245	date:	2021-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202010-333	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2020-4661	date:	2020-10-12T13:15:12.493