CVE-2020-4660

MEDIUM

IBM Security Access Manager 9.0.7 and Security Verify Access 10.0.0 - Timing Side-Channel Information Disclosure

Title source: llm

Description

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://www.ibm.com/support/pages/node/6346619

VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/186140

Scores

CVSS v3 5.3

EPSS 0.0045

EPSS Percentile 35.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-203

Status published

Products (2)

ibm/security_access_manager 9.0.7.0

ibm/security_verify_access 10.0.0

Published Oct 12, 2020

Tracked Since Feb 18, 2026