Details of VAR-202010-1454

ID

VAR-202010-1454

CVE

CVE-2020-4499

TITLE

IBM Security Access Manager and IBM Security Verify Access Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-012332

DESCRIPTION

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. Vendor exploits this vulnerability IBM X-Force ID: 182216 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The product implements access management control through integrated devices for Web, mobile, and cloud computing

Trust: 2.79

sources: NVD: CVE-2020-4499 // JVNDB: JVNDB-2020-012332 // CNVD: CNVD-2020-57818 // CNNVD: CNNVD-202010-651 // VULMON: CVE-2020-4499

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-57818

AFFECTED PRODUCTS

vendor:	ibm	model:	security verify access	scope:	eq	version:	10.0.0	Trust: 1.4
vendor:	ibm	model:	security verify access	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	ibm	model:	security verify access	scope:	lt	version:	10.0.0.1	Trust: 1.0
vendor:	ibm	model:	security access manager	scope:	lt	version:	9.0.7.2	Trust: 1.0
vendor:	ibm	model:	security access manager	scope:	gte	version:	9.0.7.0	Trust: 1.0
vendor:	ibm	model:	security access manager	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	security access manager	scope:	eq	version:	9.0.7	Trust: 0.6

sources: CNVD: CNVD-2020-57818 // JVNDB: JVNDB-2020-012332 // NVD: CVE-2020-4499

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-4499
value:	CRITICAL
Trust: 1.0
psirt@us.ibm.com:	CVE-2020-4499
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-4499
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-57818
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202010-651
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2020-4499
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-4499
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-57818
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-4499
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@us.ibm.com:	CVE-2020-4499
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.0
Trust: 1.0
NVD:	CVE-2020-4499
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-57818 // VULMON: CVE-2020-4499 // JVNDB: JVNDB-2020-012332 // CNNVD: CNNVD-202010-651 // NVD: CVE-2020-4499 // NVD: CVE-2020-4499

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of authentication (CWE-862) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012332 // NVD: CVE-2020-4499

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-651

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-651

PATCH

title:	6348046 IBM X-Force Exchange	url:	https://www.ibm.com/support/pages/node/6348046	Trust: 0.8
title:	Patch for IBM Security Access Manager and IBM Security Verify Access certification bypass vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/237052	Trust: 0.6
title:	IBM Security Access Manager and IBM Security Verify Access Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131300	Trust: 0.6

sources: CNVD: CNVD-2020-57818 // JVNDB: JVNDB-2020-012332 // CNNVD: CNNVD-202010-651

EXTERNAL IDS

db:	NVD	id:	CVE-2020-4499	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-012332	Trust: 0.8
db:	CNVD	id:	CNVD-2020-57818	Trust: 0.6
db:	NSFOCUS	id:	50180	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3558	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-651	Trust: 0.6
db:	VULMON	id:	CVE-2020-4499	Trust: 0.1

sources: CNVD: CNVD-2020-57818 // VULMON: CVE-2020-4499 // JVNDB: JVNDB-2020-012332 // CNNVD: CNNVD-202010-651 // NVD: CVE-2020-4499

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-4499	Trust: 2.0
url:	https://www.ibm.com/support/pages/node/6348046	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/182216	Trust: 1.7
url:	https://www.auscert.org.au/bulletins/esb-2020.3558/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/50180	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-57818 // VULMON: CVE-2020-4499 // JVNDB: JVNDB-2020-012332 // CNNVD: CNNVD-202010-651 // NVD: CVE-2020-4499

SOURCES

db:	CNVD	id:	CNVD-2020-57818
db:	VULMON	id:	CVE-2020-4499
db:	JVNDB	id:	JVNDB-2020-012332
db:	CNNVD	id:	CNNVD-202010-651
db:	NVD	id:	CVE-2020-4499

LAST UPDATE DATE

2024-08-14T12:34:22.564000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-57818	date:	2020-10-21T00:00:00
db:	VULMON	id:	CVE-2020-4499	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-012332	date:	2021-04-30T06:32:00
db:	CNNVD	id:	CNNVD-202010-651	date:	2020-11-05T00:00:00
db:	NVD	id:	CVE-2020-4499	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-57818	date:	2020-10-21T00:00:00
db:	VULMON	id:	CVE-2020-4499	date:	2020-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-012332	date:	2021-04-30T00:00:00
db:	CNNVD	id:	CNNVD-202010-651	date:	2020-10-15T00:00:00
db:	NVD	id:	CVE-2020-4499	date:	2020-10-15T13:15:12.913