Feb 04, 2021 - 5:30 p.m.

Security Bulletin: Content Collector for Email is affected by an embedded WebSphere Application Server Admin Console

2021-02-04 17:30:59
www.ibm.com

CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS: 0.002 Low
Percentile: 51.9%

Summary

The embedded WebSphere Application Server traditional Admin Console is affected by a directory traversal vulnerability (CVE-2020-4782).

Vulnerability Details

**CVEID:** CVE-2020-4782
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189213 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)| Version(s)
---|---
Content Collector for Email| 4.0.x

Remediation/Fixes

Product| VRMF| Remediation/First Fix
---|---|---
IBM Content Collector for Email| 4.0.x| Apply Interim Fix 4.0.1.9-IBM-ICC-IF008

Workarounds and Mitigations

None

CPE

Name| Operator| Version
---|---|---
content collector| eq| 4.0.1
