CVE-2020-4821 - Vulnerability Details - OpenCVE

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Infosphere Change Data Capture Infosphere Data Replication

Configuration 1 [-]

OR	cpe:2.3:a:ibm:infosphere_data_replication:11.4:::::::*
	cpe:2.3:a:ibm:infosphere_data_replication:11.4.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:ibm:infosphere_change_data_capture:10.2.1:::::z\/os::
	cpe:2.3:a:ibm:infosphere_change_data_capture:11.3.3:::::z\/os::
	cpe:2.3:a:ibm:infosphere_change_data_capture:11.4:::::z\/os::

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/189834
https://www.ibm.com/support/pages/node/6472909
https://www.ibm.com/support/pages/node/6472911

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2021-07-16T16:50:24.014931Z

Updated: 2024-09-17T00:11:05.468Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-4821

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-07-16T17:15:11.993

Modified: 2024-11-21T05:33:17.257

Link: CVE-2020-4821

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "InfoSphere Change Data Capture for z/OS", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.2.1"}]}, {"product": "InfoSphere Data Replication", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.4"}]}], "datePublic": "2021-07-15T00:00:00", "descriptions": [{"lang": "en", "value": "IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834"}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/A:N/C:H/S:U/AV:N/PR:N/UI:N/I:N/RL:O/RC:C/E:U", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Bypass Security", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-16T16:50:23", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6472911"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6472909"}, {"name": "ibm-cognos-cve20204821-sec-bypass (189834)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189834"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-07-15T00:00:00", "ID": "CVE-2020-4821", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "InfoSphere Change Data Capture for z/OS", "version": {"version_data": [{"version_value": "10.2.1"}]}}, {"product_name": "InfoSphere Data Replication", "version": {"version_data": [{"version_value": "11.4"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834"}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Bypass Security"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6472911", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6472911 (InfoSphere Change Data Capture for z/OS)", "url": "https://www.ibm.com/support/pages/node/6472911"}, {"name": "https://www.ibm.com/support/pages/node/6472909", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6472909 (InfoSphere Data Replication)", "url": "https://www.ibm.com/support/pages/node/6472909"}, {"name": "ibm-cognos-cve20204821-sec-bypass (189834)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189834"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:14:58.938Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6472911"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6472909"}, {"name": "ibm-cognos-cve20204821-sec-bypass (189834)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189834"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4821", "datePublished": "2021-07-16T16:50:24.014931Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T00:11:05.468Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_data_replication:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "B16C5AF3-22C8-4052-B75C-CD7F9A76A5A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_data_replication:11.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9582D58B-E795-49AE-A998-67FA889AC409", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_change_data_capture:10.2.1:*:*:*:*:z\\/os:*:*", "matchCriteriaId": "20AB390B-373E-435E-A7DD-BA328555E894", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_change_data_capture:11.3.3:*:*:*:*:z\\/os:*:*", "matchCriteriaId": "C4A5A0F4-AB96-46EF-B483-011050C2E758", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_change_data_capture:11.4:*:*:*:*:z\\/os:*:*", "matchCriteriaId": "F58F4D26-9A07-4B02-85B4-93A2640F1974", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834"}, {"lang": "es", "value": "IBM InfoSphere Data Replication versi\u00f3n 11.4 e IBM InfoSphere Change Data Capture para z/OS versi\u00f3n 10.2.1, bajo determinadas configuraciones, podr\u00edan permitir a un usuario omitir los mecanismos de autenticaci\u00f3n usando una cadena de contrase\u00f1a vac\u00eda. IBM X-Force ID: 189834"}], "id": "CVE-2020-4821", "lastModified": "2024-11-21T05:33:17.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-16T17:15:11.993", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189834"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6472909"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6472911"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189834"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6472909"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6472911"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}