CVE-2020-4864 — Authentication Bypass by Spoofing in IBM Resilient Onprem

CWE-290 — Authentication Bypass by Spoofing3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 77.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Resilient Onprem IBM Resilient Security Orchestration Automation AND Response

Timeline

PublishedOct 29

Latest updateMay 24

Description

IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. IBM X-Force ID: 190567.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/resilient_onprem38

▶NVDibm/resilient_security_orchestration_automation_and_response38.0

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-chg8-g9j3-vrq2: IBM Resilient SOAR V38↗2022-05-24

▶

CVEList

CVE-2020-4864: IBM Resilient SOAR V38↗2020-10-29

▶