5.3

CVE-2020-4699

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmSecurity Access Manager Version9.0.7.0
IbmSecurity Verify Access Version10.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.46% 0.365
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 1.6 3.6
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.9 5.5 2.9
AV:A/AC:M/Au:N/C:P/I:N/A:N
psirt@us.ibm.com 5.3 1.6 3.6
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

https://www.ibm.com/support/pages/node/6346619
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/186947
Vendor Advisory
VDB Entry