CVE-2020-4821

CRITICAL

IBM InfoSphere Data Replication 11.4 / CDC z/OS 10.2.1 - Authentication Bypass via Empty Password

Title source: llm

Description

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_confirm

https://www.ibm.com/support/pages/node/6472911

Patch, Vendor Advisory x_refsource_confirm

https://www.ibm.com/support/pages/node/6472909

VDB Entry, Vendor Advisory vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/189834

Scores

CVSS v3 9.8

EPSS 0.0200

EPSS Percentile 78.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (5)

ibm/infosphere_change_data_capture 10.2.1

ibm/infosphere_change_data_capture 11.3.3

ibm/infosphere_change_data_capture 11.4

ibm/infosphere_data_replication 11.4

ibm/infosphere_data_replication 11.4.0

Published Jul 16, 2021

Tracked Since Feb 18, 2026