Sign-up

ID

VAR-202010-1451


CVE

CVE-2020-4699


TITLE

IBM Security Access Manager  and  IBM Security Verify Access  Vulnerability regarding information leakage due to difference in response to security-related processing

Trust: 0.8

sources: JVNDB: JVNDB-2020-012246

DESCRIPTION

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. Vendor exploits this vulnerability IBM X-Force ID: 186947 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing

Trust: 2.79

sources: NVD: CVE-2020-4699 // JVNDB: JVNDB-2020-012246 // CNVD: CNVD-2020-59035 // CNNVD: CNNVD-202010-351 // VULMON: CVE-2020-4699

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-59035

AFFECTED PRODUCTS

vendor:ibmmodel:security verify accessscope:eqversion:10.0.0

Trust: 2.4

vendor:ibmmodel:security access managerscope:eqversion:9.0.7.0

Trust: 1.0

vendor:ibmmodel:security access managerscope: - version: -

Trust: 0.8

vendor:ibmmodel:security access managerscope:eqversion:9.0.7

Trust: 0.6

sources: CNVD: CNVD-2020-59035 // JVNDB: JVNDB-2020-012246 // NVD: CVE-2020-4699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-4699
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2020-4699
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-4699
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-59035
value: LOW

Trust: 0.6

CNNVD: CNNVD-202010-351
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-4699
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-4699
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-59035
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

psirt@us.ibm.com: CVE-2020-4699
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-4699
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2020-59035 // VULMON: CVE-2020-4699 // JVNDB: JVNDB-2020-012246 // CNNVD: CNNVD-202010-351 // NVD: CVE-2020-4699 // NVD: CVE-2020-4699

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.0

problemtype:Information leakage due to difference in response to security-related processing (CWE-203) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012246 // NVD: CVE-2020-4699

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-351

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-351

PATCH

title:6346619 IBM X-Force Exchangeurl:https://www.ibm.com/support/pages/node/6346619

Trust: 0.8

title:Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/237688

Trust: 0.6

title:IBM Security Verify Access and IBM Security Access Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130221

Trust: 0.6

sources: CNVD: CNVD-2020-59035 // JVNDB: JVNDB-2020-012246 // CNNVD: CNNVD-202010-351

EXTERNAL IDS

db:NVDid:CVE-2020-4699

Trust: 3.1

db:JVNDBid:JVNDB-2020-012246

Trust: 0.8

db:CNVDid:CNVD-2020-59035

Trust: 0.6

db:AUSCERTid:ESB-2020.3499

Trust: 0.6

db:CNNVDid:CNNVD-202010-351

Trust: 0.6

db:VULMONid:CVE-2020-4699

Trust: 0.1

sources: CNVD: CNVD-2020-59035 // VULMON: CVE-2020-4699 // JVNDB: JVNDB-2020-012246 // CNNVD: CNNVD-202010-351 // NVD: CVE-2020-4699

REFERENCES

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/186947

Trust: 1.8

url:https://www.ibm.com/support/pages/node/6346619

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-4699

Trust: 1.4

url:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-cve-2020-4661-cve-2020-4699-cve-2020-4660/

Trust: 1.2

url:https://www.auscert.org.au/bulletins/esb-2020.3499/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/203.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-59035 // VULMON: CVE-2020-4699 // JVNDB: JVNDB-2020-012246 // CNNVD: CNNVD-202010-351 // NVD: CVE-2020-4699

SOURCES

db:CNVDid:CNVD-2020-59035
db:VULMONid:CVE-2020-4699
db:JVNDBid:JVNDB-2020-012246
db:CNNVDid:CNNVD-202010-351
db:NVDid:CVE-2020-4699

LAST UPDATE DATE

2024-08-14T14:03:28.378000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-59035date:2020-10-27T00:00:00
db:VULMONid:CVE-2020-4699date:2020-10-19T00:00:00
db:JVNDBid:JVNDB-2020-012246date:2021-04-27T09:04:00
db:CNNVDid:CNNVD-202010-351date:2020-10-21T00:00:00
db:NVDid:CVE-2020-4699date:2020-10-19T15:05:31.833

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-59035date:2020-10-27T00:00:00
db:VULMONid:CVE-2020-4699date:2020-10-12T00:00:00
db:JVNDBid:JVNDB-2020-012246date:2021-04-27T00:00:00
db:CNNVDid:CNNVD-202010-351date:2020-10-09T00:00:00
db:NVDid:CVE-2020-4699date:2020-10-12T13:15:12.570