PT-2020-17931 · Ibm · Ibm Security Identity Governance/Intelligence

Chris Shepherd

Published

2020-05-28

Updated

2021-07-21

CVE-2020-4232

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Security Identity Governance and Intelligence version 5.2.6

Description The issue allows an attacker to enumerate usernames to find valid login credentials, which could be used to attempt further attacks against the system.

Recommendations For IBM Security Identity Governance and Intelligence version 5.2.6, consider restricting access to sensitive areas of the system to minimize the risk of exploitation. As a temporary workaround, limit the ability to enumerate usernames until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307

Related Identifiers

CVE-2020-4232

Affected Products

Ibm Security Identity Governance/Intelligence

PT-2020-17931 · Ibm · Ibm Security Identity Governance/Intelligence

CVE-2020-4232

Weakness Enumeration

Related Identifiers

Affected Products

References · 5