Bypassing Authentication Mechanisms with Empty Password String in IBM InfoSphere Data Replication and Change Data Capture

Bypassing Authentication Mechanisms with Empty Password String in IBM InfoSphere Data Replication and Change Data Capture

CVE-2020-4821 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834

Learn more about our User Device Pen Test.