7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
61.4%
There are multiple vulnerabilities in the WebSphere Liberty Profile used in IBM InfoSphere Global Name Management (GNM).
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
IBM InfoSphere Global Name Management | 6.0 |
IBM InfoSphere Global Name Management | 7.0 |
Note that CVE-2020-4590 and CVE-2020-4421 do not affect GNM as normally installed. They would only apply if the customer chose to manually modify their WebSphere Liberty configuration to enable and use the oauth-2.0 and/or openid connect feature, which is not a common modification. Only CVE-2020-5258 affects GNM as normally installed.
Per the original bulletins for CVE-2020-5258, CVE-2020-4590, and CVE-2020-4421, all three vulnerabilities can be resolved by upgrading WebSphere Liberty Profile.
None
CPE | Name | Operator | Version |
---|---|---|---|
infosphere global name management | eq | 6.0 | |
infosphere global name management | eq | 7.0 |
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
61.4%