EUVD-2020-25523

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM WebSphere Application Server versions 7.0 to 9.0 has a privilege escalation vulnerability via SOAP connector.

Reporter	Title	Published	Views	Family All 39
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server and IBM WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud	16 Jun 202013:32	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4276)	14 Sep 202215:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM StoredIQ for Legal	4 Mar 202109:24	–	ibm
IBM Security Bulletins	Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server Bundled With IBM WebSphere Application Server Patterns (CVE-2020-4276)	26 Mar 202016:32	–	ibm
IBM Security Bulletins	Security Bulletin:Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager	27 Apr 202119:45	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM OpenPages with Watson (CVE-2020-4276)	28 May 202022:06	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2020-4276)	24 Jul 202022:19	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2020-4276)	30 Mar 202015:51	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2020-4276)	30 Mar 202014:38	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2020-4276)	9 Jun 202017:09	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "baef01cd-6491-3730-b871-9f79c2932e39",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "037771fa-effb-3bcd-a6cd-882b1a38312b",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.5"
      },
      {
        "id": "c2ad7a0f-a5b8-3890-9257-572c02d08a52",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.0"
      },
      {
        "id": "c548c872-69c0-3ce8-b33e-2954e61bfc1b",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0"
      },
      {
        "id": "d665d324-1d97-3c9e-9ed8-d3e6c21bde73",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "7.0"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/6118222
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/175984
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

7.6High risk

Vulners AI Score7.6

CVSS 37.5

CVSS 26

CVSS 3.17.5

EPSS0.00428