Description

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.

Remediation

References

CVE-2020-4660

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5644)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6104)

Oracle Database Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5499)

Moodle Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9187)

OpenSSL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2015-3196)

Severity

Medium

Classification

CVE-2020-4660 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities