Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM InfoSphere Information Server


## Summary There is a vulnerability in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. ## Vulnerability Details **CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) **DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty through could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. CVSS Base score: 4.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) ## Affected Products and Versions Affected Product(s) | Version(s) ---|--- InfoSphere Information Server with a Microservices tier | 11.7 ## Remediation/Fixes ## _Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ ---|---|---|--- InfoSphere Information Server, Information Server on Cloud | 11.7 | [JR63314](<http://www.ibm.com/support/docview.wss?uid=swg1JR63314> "JR63314" ) | \--Apply InfoSphere Information Server version [](<https://www.ibm.com/support/docview.wss?uid=ibm10878310> "" ) \--Apply Information Server [](<https://www.ibm.com/support/pages/node/6209196> "" ) \--Apply Information Server [ Service Pack 1](<https://www.ibm.com/support/pages/node/6438057> " Service Pack 1???" ) For Red Hat 8 installations, contact IBM Customer Support. **Note**: Users of WebSphere Application Server Network Deployment should follow the [WebSphere security bulletin](<https://www.ibm.com/support/pages/node/6201862> "WebSphere security bulletin" ) **Contact Technical Support:** In the United States and Canada dial **1-800-IBM-SERV** View the support [contacts for other countries](<http://www.ibm.com/planetwide/> "contacts for other countries" ) outside of the United States. Electronically [open a Service Request](<http://www.ibm.com/software/support/probsub.html> "open a Service Request" ) with Information Server Technical Support. ## Workarounds and Mitigations None ##

Affected Software

CPE Name Name Version
ibm infosphere information server 11.7