IBM Security Information Queue (ISIQ) stores the JSON web token (JWT) secret in plain text in one of its YAML files. As of v1.0.5, ISIQ generates an encrypted JWT secret during product configuration.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Security Information Queue (ISIQ) | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/5383395
The post Security Bulletin: IBM Security Information Queue contains hard-coded credentials (CVE-2020-4283) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/32CElUy
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.