CRITICAL🇵🇱 Wersja polska

CVE-2020-4499

CVSS 9.8v3.1pub. 2020-10-15upd. 2024-11-21

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Security Access Manager

    APP
    Ibm
    9.0.7.0 – 9.0.7.2 (bez)
  • IBM Security Verify Access

    APP
    Ibm
    10.0.0 – 10.0.0.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-1346CRITICAL9.3PL ✓ten sam produkt

Privilege escalation do root w IBM Security Verify Access i Verify Identity Access

CVE-2025-36356CRITICAL9.3PL ✓ten sam produkt

IBM Security Verify Access — privilege escalation do root przez nadmiarowe uprawnienia

CVE-2024-49805CRITICAL9.4PL ✓ten sam produkt

IBM Security Verify Access — zakodowane na stałe poświadczenia (hard-coded credentials)

CVE-2024-49803CRITICAL9.8PL ✓ten sam produkt

IBM Security Verify Access — zdalne wykonanie poleceń (command injection)

CVE-2024-49806CRITICAL9.4PL ✓ten sam produkt

IBM Security Verify Access — zakodowane na stałe poświadczenia (hard-coded credentials)