CVE-2020-4821

moderate-risk
Published 2021-07-16

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834

Do I need to act?

-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (5)

Infosphere Data Replication
Infosphere Data Replication
Infosphere Change Data Capture
Infosphere Change Data Capture
Infosphere Change Data Capture

Affected Vendors

Ibm

References (6)

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/189834
Patch https://www.ibm.com/support/pages/node/6472909
Patch https://www.ibm.com/support/pages/node/6472911
VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/189834
Patch https://www.ibm.com/support/pages/node/6472909
Patch https://www.ibm.com/support/pages/node/6472911
45
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 12/34 · Low