Vulnerabilities > CVE-2020-4699 - Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access

CVSS 2.9 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

ibm

CWE-203

NVD

Published: 2020-10-12

Updated: 2020-10-19

Summary

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Security Access Manager 9.0.7.0 IBM Security Verify Access 10.0.0	2

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/186947
https://www.ibm.com/support/pages/node/6346619