Vulnerabilities > CVE-2020-4661 - Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access

CVSS 5.3 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

high complexity

ibm

CWE-203

NVD

Published: 2020-10-12

Updated: 2020-10-19

Summary

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Security Access Manager 9.0.7.0 IBM Security Verify Access 10.0.0	2

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://www.ibm.com/support/pages/node/6346619
https://exchange.xforce.ibmcloud.com/vulnerabilities/186142