7.8

CVE-2020-4372

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmVerify Gateway Version1.0.0
IbmVerify Gateway Version1.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.202
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
psirt@us.ibm.com 6.2 2.5 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://exchange.xforce.ibmcloud.com/vulnerabilities/179009
Vendor Advisory
VDB Entry
https://www.ibm.com/support/pages/node/6251289
Patch
Vendor Advisory