CVE-2020-4171 : IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which

IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407.

Published 2020-08-27 13:15:12

Updated 2021-07-21 11:39:24

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2020-4171

IBM » Security Guardium Insights » Version: 2.0.1
cpe:2.3:a:ibm:security_guardium_insights:2.0.1:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.26%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 47 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	IBM Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

Assigned by: nvd@nist.gov (Primary)

https://www.ibm.com/support/pages/node/6323297

Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities
Patch;Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/174407

IBM Security Guardium Insights information disclosure CVE-2020-4171 Vulnerability Report
VDB Entry

Jump to