CVE-2020-4499

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmsecurity_access_manager
9.0.7.0 ≤
𝑥
< 9.0.7.2
ibmsecurity_verify_access
10.0.0 ≤
𝑥
< 10.0.0.1
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/182216
https://www.ibm.com/support/pages/node/6348046
https://exchange.xforce.ibmcloud.com/vulnerabilities/182216
https://www.ibm.com/support/pages/node/6348046