Security Bulletin: A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 (CVE-2020-4329).


## Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. This issue allows to conduct spoofing attacks. ## Vulnerability Details ** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) ** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty through could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. CVSS Base score: 4.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- IBM License Metric Tool| All ## Remediation/Fixes Upgrade to version 9.2.20 or later using the following procedure: In BigFix console, expand IBM License Reporting (ILMT) node under Sites node in the tree panel. Click Fixlets and Tasks node. Fixlets and Tasks panel will be displayed on the right. In the Fixlets and Tasks panel locate Upgrade to the latest version of IBM License Metric Tool 9.x fixlet and run it against the computer that hosts your server. ## Workarounds and Mitigations None ##

Affected Software

CPE Name Name Version
ibm license metric tool 9.2