PT-2020-18114 · Ibm · Ibm Datapower Gateway+1

Published

2020-10-06

Updated

2021-07-21

CVE-2020-4528

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM MQ Appliance versions 2018.4.1.0 through 2018.4.1.12 IBM DataPower Gateway version 10.0.0.0

Description A local user, under special conditions, could obtain highly sensitive information from log files.

Recommendations For IBM MQ Appliance versions 2018.4.1.0 through 2018.4.1.12, restrict access to log files to minimize the risk of sensitive information disclosure. For IBM DataPower Gateway version 10.0.0.0, consider implementing additional logging controls to prevent unauthorized access to sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-4528

Affected Products

Ibm Datapower Gateway

Ibm Mq Appliance

PT-2020-18114 · Ibm · Ibm Datapower Gateway+1

CVE-2020-4528

Related Identifiers

Affected Products

References · 4