#VU65728 Improper control of a resource through its lifetime in IBM Security Guardium Insights - CVE-2020-4172
Published: July 22, 2022
Vulnerability identifier: #VU65728
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-4172
CWE-ID: CWE-664
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
IBM Security Guardium Insights
Software vendor:
IBM Corporation
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because IBM Security Guardium Insights stores sensitive information in URL parameters. A remote unauthenticated attacker with access to the URLs via server logs, the referrer header or browser history can use this vulnerability to decrypt highly sensitive information.
Remediation
Install updates from the vendor's website.