CVE-2020-4821

Name of the Vulnerable Software and Affected Versions IBM InfoSphere Data Replication version 11.4 IBM InfoSphere Change Data Capture for z/OS version 10.2.1

Description The issue is related to a configuration vulnerability in IBM InfoSphere Data Replication and IBM InfoSphere Change Data Capture, which is associated with weaknesses in the authentication procedure. Under certain configurations, this could allow a user to bypass authentication mechanisms using an empty password string.

Recommendations For IBM InfoSphere Data Replication version 11.4, consider disabling the use of empty password strings as a temporary workaround until a patch is available. For IBM InfoSphere Change Data Capture for z/OS version 10.2.1, restrict access to authentication mechanisms to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.