CVE-2020-4624Use of a Broken or Risky Cryptographic Algorithm in IBM Cloud PAK FOR Security

CWE-327Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 77.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud PAK FOR Security
Timeline
PublishedNov 30
Latest updateMay 24

Description

IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/cloud_pak_for_security1.3.0.1
NVDibm/cloud_pak1.3.0.1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-p5ph-fpgv-7c3v: IBM Cloud Pak for Security 12022-05-24
CVEList
CVE-2020-4624: IBM Cloud Pak for Security 12020-11-30
CVE-2020-4624 — IBM vulnerability | cvebase