October 7, 2020
Severity
Medium
Analysis Summary
CVE-2020-4528
IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. Passwords provided as part of a URL for an administrative COPY command may appear in the administrative log. If the password is not provided in the URL, it will be prompted for, and will not appear in the log.
Impact
Information disclosure
Affected Vendors
IBM
Affected Products
- IBM DataPower Gateway 2018.4.1.0
- IBM DataPower Gateway 2018.4.1.12
- IBM DataPower Gateway 10.0.0.0
Remediation
Refer to the IBM security advisory for patch, upgrade, or suggested workaround information.
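To check whether the exposure described in the Analysis Summary has already occurred, exported administrative logs can be scanned for URLs that carry a password. The following is an added example, not code from IBM or from this advisory; the log line layout, the `copy` syntax, the hosts, and the function names are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Matches scheme://user:password@host. The password may itself contain ':' or
# '@'; backtracking makes the last '@' before the host the separator.
URL_WITH_PASSWORD = re.compile(
    r"(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://"
    r"(?P<user>[^\s:/@]+):(?P<password>[^\s/]+)@(?P<host>[^\s/:@]+)"
)

# Constructed sample lines. The layout and the copy syntax are assumptions
# for illustration, not the appliance's real log format.
SAMPLE_LOG = [
    "20201007T101502Z [cli][notice] user(admin): copy scp://backup:S3cr3t!@192.0.2.10/exports/cfg.zip local:///cfg.zip",
    "20201007T101730Z [cli][notice] user(admin): copy scp://backup@192.0.2.10/exports/cfg.zip local:///cfg.zip",
    "20201007T102244Z [cli][notice] user(ops): copy sftp://ops:p@ss:w0rd@files.example.test:22/fw.bin image:///fw.bin",
    "20201007T102301Z [mgmt][info] GET https://192.0.2.10:9090/status",
]


def find_exposed_passwords(lines):
    """Return (line_no, scheme, user, host) per hit; the secret is never returned."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for m in URL_WITH_PASSWORD.finditer(line):
            findings.append(
                (number, m["scheme"].lower(), unquote(m["user"]), m["host"])
            )
    return findings


def redact(line):
    """Replace the password part of every credential-bearing URL with ****."""
    return URL_WITH_PASSWORD.sub(
        lambda m: f"{m['scheme']}://{m['user']}:****@{m['host']}", line
    )


if __name__ == "__main__":
    for hit in find_exposed_passwords(SAMPLE_LOG):
        print("password in URL:", hit)
    for line in SAMPLE_LOG:
        print(redact(line))
```

Any account reported by the scan should have its password rotated, since the value was readable by local users with access to the log.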