Lucene search

K
ibmIBM28F8FE772F7744066E89072F94BE119B652D05DADA694784B7CCD72965C551F7
HistoryApr 30, 2020 - 8:08 p.m.

Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2020-4329)

2020-04-3020:08:13
www.ibm.com
12

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

32.7%

Summary

IBM WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s) **Affected Supporting Product and Version **
IBM Security Key Lifecycle Manager 4.0 WebSphere® Application Server, Version 9.0.5.0
IBM Security Key Lifecycle Manager 3.0.1 WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager 3.0 WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager 2.7 WebSphere Application Server v9.0.0.1
IBM Security Key Lifecycle Manager 2.6 WebSphere Application Server v8.5.5.7

Remediation/Fixes

Please consult the security bulletin Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329) for vulnerability details and information about fixes.

Workarounds and Mitigations

None

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

32.7%

Related for 28F8FE772F7744066E89072F94BE119B652D05DADA694784B7CCD72965C551F7