Main Vulnerability Database Vulnerabilities #VU65728

#VU65728 Improper control of a resource through its lifetime in IBM Security Guardium Insights - CVE-2020-4172

Published: July 22, 2022

Vulnerability identifier: #VU65728

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-4172

CWE-ID: CWE-664

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IBM Security Guardium Insights

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to IBM Security Guardium Insights stores sensitive information in URL parameters. A remote unauthenticated attacker with access to the URLs via server logs, referrer header or browser history can use this vulnerability to decrypt highly sensitive information.

Remediation

Install updates from vendor's website.

#VU65728 Improper control of a resource through its lifetime in IBM Security Guardium Insights - CVE-2020-4172

Description

Remediation

External links

Please verify you're human