Description
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Privileges Required
None
Attack Complexity
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
E
Unchanged
RL
O
RC
Changed
Affected products
- ibm / Security Access Manager9.0 – 9.0
- ibm / security_verify_access_docker10.0.0 – 10.0.0