Low Severity

Security Bulletin: IBM Security Information Queue could reveal sensitive data in application error messages (CVE-2020-4164)

Share this post:

In response to certain application errors, IBM Security Information Queue (ISIQ) could output messages that contain sensitve data, which could then be used to gain unauthorized system access. As of v1.0.6, ISIQ no longer includes sensitve data when outputting error messages.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6172605

More stories

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE (CVE-2020-2773)

Jun 9, 2021 8:00 pm EDT | Low Severity

IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE. ...read more


Security Bulletin: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker

Jun 7, 2021 8:00 pm EDT | Low Severity

An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. ...read more


Security Bulletin: IBM DataPower Gateway GUI permits use of GET

Jun 4, 2021 8:01 pm EDT | Low Severity

The IBM DataPower GUI uses HTTP POST for operations that require information from the client. However, the GUI also responds to GET operations on the same URLs. While such GET operations are never initiated by the GUI, use of GET in such a manner could reveal sensitive information, so the GUI will no longer accept URL query parameters on GET operations ...read more