Description

IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.

Remediation

References

CVE-2020-4461

Related Vulnerabilities

WordPress 3.9.x Cross-Domain Flash Injection Vulnerability (3.9 - 3.9.22)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (3.4.2)

WordPress Plugin Facebook Members Cross-Site Request Forgery (5.0.4)

WebLogic CVE-2020-14859 Vulnerability (CVE-2020-14859)

WordPress Plugin Jekyll Exporter Remote Code Execution (2.2.0)

Severity

Medium

Classification

CVE-2020-4461 CWE-20 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities