CVE-2020-4499

EUVD-2020-25746
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public OAuth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| ibm | CNA | 7.3 HIGH | NETWORK | LOW | NONE | CVSS:3.0/I:L/UI:N/AC:L/PR:N/AV:N/C:L/S:U/A:L/RC:C/E:U/RL:O |

EPSS Score Percentile: 59%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| ibm | security_access_manager | 9.0.7.0 ≤ 𝑥 < 9.0.7.2 |
| ibm | security_verify_access | 10.0.0 ≤ 𝑥 < 10.0.0.1 |

𝑥 = Vulnerable software versions