CVE-2020-4699

low-risk

Published 2020-10-12

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

ADJACENT_NETWORK / HIGH complexity

Affected Products (2)

Security Access Manager

Security Verify Access

Affected Vendors

Ibm

References (4)

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/186947

Vendor Advisory https://www.ibm.com/support/pages/node/6346619

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/186947

Vendor Advisory https://www.ibm.com/support/pages/node/6346619

/ 100

low-risk

Severity 14/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low