PT-2020-18032 · Ibm · Ibm Verify Gateway

Chris Shepherd

Published

2020-07-22

Updated

2020-07-24

CVE-2020-4371

CVSS v3.1

4.0

Medium

Vector

AC:L/UI:N/S:U/I:N/C:L/PR:N/AV:L/A:N

Name of the Vulnerable Software and Affected Versions IBM Verify Gateway (IVG) versions 1.0.0 through 1.0.1

Description The issue concerns sensitive information contained in leftover debug code. This could potentially aid a local user in further attacks against the system.

Recommendations For versions 1.0.0 and 1.0.1, remove or securely erase the leftover debug code to prevent potential exploitation.

Fix

Insecure Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-922

Related Identifiers

CVE-2020-4371

Affected Products

Ibm Verify Gateway

PT-2020-18032 · Ibm · Ibm Verify Gateway

CVE-2020-4371

Weakness Enumeration

Related Identifiers

Affected Products

References · 4