CVE-2020-4499
CRITICALIBM Security Access Manager <9.0.7 & IBM Security Verify Access <10...
Title source: llmDescription
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6348046
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/182216
Scores
CVSS v3
9.8
EPSS
0.0125
EPSS Percentile
66.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (2)
ibm/security_access_manager
9.0.7.0 - 9.0.7.2
ibm/security_verify_access
10.0.0 - 10.0.0.1
Published
Oct 15, 2020
Tracked Since
Feb 18, 2026