Security Bulletin: Information disclosure vulnerability in WebSphere Application Server Liberty


## Summary This security bulletin addresses the Information Disclosure vulnerability that has been found to impact Websphere Liberty in IBM Tivoli Application Dependency Discovery Manager. ## Vulnerability Details **CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) **DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty through could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. CVSS Base score: 4.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) ## Affected Products and Versions Affected Product(s) | Version(s) ---|--- IBM Tivoli Application Dependency Discovery Manager | - ## Remediation/Fixes **Fix** | **VRMF** | **APAR** | **How to acquire fix** ---|---|---|--- efix_WLP_PSIRT_20005_FP5180802.zip | | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=d1xntIrCriyAnaSvBTMF4edOlDCjcFaOLTM4ccUmbjw> "Download eFix" ) efix_WLP_PSIRT_20005_FP6190313.zip | | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=X2UV7nmubFsybnKno7kO7Vuw1UKhecloR5Ifufbw3WM> "Download eFix" ) efix_WLP_PSIRT_20005_FP7200218.zip | | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=lzxrgrP31963huJnNPxu2RgIpIe5S4oyalEFJAi60PA> "Download eFix" ) **Note:** Before TADDM, Java 7 was used and the upgraded Liberty version requires Java8. Hence, no eFix can be provided for versions before ## Workarounds and Mitigations For customers on TADDM FixPack 3 or FixPack 4, recommendation is to upgrade to a later version and then follow the steps mentioned above. ##

Affected Software

CPE Name Name Version
tivoli application dependency discovery manager
tivoli application dependency discovery manager