Dec 09, 2020 - 4:32 p.m.

Security Bulletin: Potential vulnerability with IBM WebSphere Application Server

2020-12-09 16:32:11
www.ibm.com

EPSS: 0.001 (percentile: 32.8%)

Summary

A potential vulnerability has been identified related to IBM WebSphere Application Server. Refer to details for additional information.

Vulnerability Details

CVEID: CVE-2020-4329
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177841 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| WA for ICP | 1.4.0, 1.4.1, 1.4.2 |

Remediation/Fixes

Upgrade to the latest (1.5.0) release of WA for CP4D which maintains backward compatibility with the versions listed above.

Workarounds and Mitigations

None
