CVE-2020-4232

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/175336	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6207906	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/175336	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6207906	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.6:*:*:*:*:*:*:*

History

21 Nov 2024, 05:32

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/175336 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/175336 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/6207906 - Patch, Vendor Advisory~~	() https://www.ibm.com/support/pages/node/6207906 - Patch, Vendor Advisory

Information

Published : 2020-05-28 15:15

Updated : 2024-11-21 05:32

NVD link : CVE-2020-4232

Mitre link : CVE-2020-4232

CVE.ORG link : CVE-2020-4232

JSON object : View

Products Affected

ibm

security_identity_governance_and_intelligence

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

{"id": "CVE-2020-4232", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-05-28T15:15:12.387", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175336", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6207906", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175336", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/6207906", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336."}, {"lang": "es", "value": "IBM Security Identity Governance and Intelligence versi\u00f3n 5.2.6, podr\u00eda permitir a un atacante enumerar nombres de usuario para encontrar credenciales de inicio de sesi\u00f3n v\u00e1lidas que podr\u00edan ser usadas para intentar nuevos ataques contra el sistema. IBM X-Force ID: 175336."}], "lastModified": "2024-11-21T05:32:25.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5574DD9-D7B2-44F4-8C62-FBBBD034F56B"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}