Friday, February 28, 2020

Security Bulletin: IBM Security Information Queue contains hard-coded credentials (CVE-2020-4283)

IBM Security Information Queue (ISIQ) stores the JSON web token (JWT) secret in plain text in one of its YAML files. As of v1.0.5, ISIQ generates an encrypted JWT secret during product configuration.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/5383395

The post Security Bulletin: IBM Security Information Queue contains hard-coded credentials (CVE-2020-4283) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/32CElUy

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.