CVE-2020-4290

EUVD-2020-25537
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user which disclose sensitive information or allow for unauthorized access. IBM X-Force ID: 176333.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
ibmCNA
4.2 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.0/A:N/AV:N/AC:H/UI:N/C:L/PR:L/I:L/S:U/RC:C/RL:O/E:U
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
ibmsecurity_information_queue
1.0.0
ibmsecurity_information_queue
1.0.1
ibmsecurity_information_queue
1.0.2
ibmsecurity_information_queue
1.0.3
ibmsecurity_information_queue
1.0.4
ibmsecurity_information_queue
1.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/176333
https://www.ibm.com/support/pages/node/6172599
https://exchange.xforce.ibmcloud.com/vulnerabilities/176333
https://www.ibm.com/support/pages/node/6172599