Platform
ibm
Component
ibm-security-access-manager
Fixed in
9.0.2
9.0.4
9.0.5
9.0.3
9.0.6
9.0.7
CVE-2019-4150 is a security vulnerability affecting IBM Security Access Manager versions 9.0.1 through 9.0.6. This flaw allows an attacker to potentially spoof a trusted entity through a man-in-the-middle (MITM) attack due to insufficient certificate validation. The vulnerability has been assigned IBM X-Force ID 158510 and a CVSS score of 3.7 (LOW). A fix is available in version 9.0.7.
The primary impact of CVE-2019-4150 is the potential for an attacker to conduct a man-in-the-middle attack. By successfully spoofing a trusted certificate, an attacker could intercept and potentially modify sensitive communications between users and the IBM Security Access Manager system. This could lead to unauthorized access to resources, data breaches, and compromise of user credentials. While the CVSS score is LOW, the potential for data exfiltration and disruption makes this a concern, particularly in environments with stringent security requirements.
CVE-2019-4150 was publicly disclosed on June 25, 2019. There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. Public proof-of-concept exploits are not widely available, suggesting a relatively low probability of near-term exploitation, but the potential for MITM attacks remains a concern.
Exploit Status
EPSS
0.07% (23% percentile)
CVSS Vector
The recommended mitigation for CVE-2019-4150 is to upgrade to IBM Security Access Manager version 9.0.7 or later, which includes the fix for this certificate validation issue. If immediate upgrade is not possible, consider implementing network segmentation to limit the potential impact of a successful attack. Review and strengthen certificate management policies to ensure proper validation and revocation procedures are in place. Monitor network traffic for suspicious activity indicative of MITM attacks.
Actualizar IBM Security Access Manager a una versión posterior a la 9.0.6 para corregir la validación incorrecta de certificados y prevenir ataques Man-in-the-Middle (MITM).
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2019-4150 is a LOW severity vulnerability in IBM Security Access Manager 9.0.1–9.0.6 that allows attackers to spoof trusted entities via a man-in-the-middle (MITM) attack due to insufficient certificate validation.
You are affected if you are running IBM Security Access Manager versions 9.0.1 through 9.0.6. Upgrade to 9.0.7 or later to mitigate the risk.
Upgrade to IBM Security Access Manager version 9.0.7 or later. If immediate upgrade is not possible, implement network segmentation and strengthen certificate management policies.
There is no indication of active exploitation at this time, but the potential for MITM attacks remains a concern.
Refer to the IBM Security Bulletin: https://www.ibm.com/support/kbdoc/firstdoc?docid=kw0000039369
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.