CVE-2020-4166: High severity IBM Security Guardium Insights vulnerability
Published Aug 27, 2020
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402.
Affected Software
2 affected components. Fixes available.
IBM Security Guardium Insights = 2.0.1
IBM Security Guardium Insights <= 2.0.2
Remediation
Patch Available
Event History
Aug 27, 2020
CVE Published
via MITRE·12:40 PM
Data Sourced
via MITRE·12:40 PM
Frequently Asked Questions
1. What is the vulnerability ID of this security flaw?
The vulnerability ID of this security flaw is CVE-2020-4166.
2. What is the title of this vulnerability?
The title of this vulnerability is 'Node.js lodash module denial of service'.
3. What is the severity of CVE-2020-4166?
The severity of CVE-2020-4166 is high, with a severity value of 7.5.
4. What is the affected software for CVE-2020-4166?
The affected software for CVE-2020-4166 is IBM Security Guardium Insights 2.0.1.
5. How can I fix CVE-2020-4166?
To fix CVE-2020-4166, update to IBM Security Guardium Insights version 2.0.2 or higher.