CVE-2019-4150Improper Certificate Validation in IBM Security Access Manager

CWE-295Improper Certificate Validation3 documents3 sources
Severity
3.7LOWNVD
EPSS
0.1%
top 77.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Access Manager
Timeline
PublishedJun 25
Latest updateMay 24

Description

IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

NVDibm/security_access_manager9.0.19.0.6
CVEListV5ibm/security_access_manager6 versions+5

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-fq3j-gh2w-h7h5: IBM Security Access Manager 92022-05-24
CVEList
CVE-2019-4150: IBM Security Access Manager 92019-06-25
CVE-2019-4150 — Improper Certificate Validation in IBM | cvebase