Feb 04, 2021 - 7:12 a.m.

Security Bulletin: Vulnerabilities in Websphere Liberty server (WLP) affects IBM Cloud Application Business Insights

2021-02-04 07:12:44
www.ibm.com

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Summary

Vulnerabilities in WebSphere Liberty server (WLP) affect IBM Cloud Application Business Insights.

Vulnerability Details

**CVEID:** CVE-2020-4590
**DESCRIPTION:** IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/184650 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
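
A triage check for the conditions in the description above, as an added example that is not part of IBM's bulletin: it reads a Liberty `server.xml`, looks for the two named features, compares the Liberty version numerically against the stated range, and maps the ICABI version to the fix pack listed under Remediation/Fixes. The function names, the sample `server.xml`, and the choice to compare feature names case-insensitively are assumptions of this example; the Liberty and ICABI versions are supplied by the operator.

```python
import xml.etree.ElementTree as ET

# Values taken from the bulletin text.
AFFECTED_FEATURES = {"oauth-2.0", "openidconnectserver-1.0"}
FIRST_AFFECTED, LAST_AFFECTED = (17, 0, 0, 3), (20, 0, 0, 9)
ICABI_FIXPACK = {"1.1.3": "1.1.3.2", "1.1.4": "1.1.4.3", "1.1.5": "1.1.5.2"}


def parse_version(text):
    """Turn '20.0.0.9' into (20, 0, 0, 9); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Liberty version: {text!r}")
    # Integer tuples compare numerically, so 20.0.0.10 sorts after 20.0.0.9.
    return tuple(int(p) for p in parts)


def enabled_features(server_xml):
    """Return the lower-cased feature names listed under <featureManager>."""
    root = ET.fromstring(server_xml)
    return {f.text.strip().lower()
            for f in root.findall("featureManager/feature")
            if f.text and f.text.strip()}


def assess(server_xml, liberty_version, icabi_version):
    """Report whether this server matches the bulletin's affected conditions."""
    in_range = FIRST_AFFECTED <= parse_version(liberty_version) <= LAST_AFFECTED
    hits = sorted(enabled_features(server_xml) & AFFECTED_FEATURES)
    return {
        "exposed": in_range and bool(hits),
        "matching_features": hits,
        "fix_pack": ICABI_FIXPACK.get(icabi_version),  # None: not in the bulletin
    }


# Constructed sample server.xml, not taken from any real deployment.
SAMPLE = """<server description="constructed sample">
  <featureManager>
    <feature>servlet-4.0</feature>
    <feature>openidConnectServer-1.0</feature>
  </featureManager>
</server>"""

if __name__ == "__main__":
    print(assess(SAMPLE, "19.0.0.12", "1.1.4"))
```

The check reads only the file it is given; features declared in configuration pulled in through `<include>` elements are not followed and need to be checked separately.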

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Cloud Application Business Insights | 1.1.3 |
| IBM Cloud Application Business Insights | 1.1.4 |
| IBM Cloud Application Business Insights | 1.1.5 |

Remediation/Fixes

The vulnerabilities can be remediated by applying the ICABI FixPack 1.1.3.2 to all systems where IBM Cloud Application Business Insights version 1.1.3 is installed.

The vulnerabilities can be remediated by applying the ICABI FixPack 1.1.4.3 to all systems where IBM Cloud Application Business Insights version 1.1.4 is installed.

The vulnerabilities can be remediated by applying the ICABI FixPack 1.1.5.2 to all systems where IBM Cloud Application Business Insights version 1.1.5 is installed.

The fixes can be found at the following location:

| Download Description | Download Link (Fix Central) |
| --- | --- |
| 1.1.3.2 Fix Pack | https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=ICABI_1.1.3.xml&source=SAR&function=fixId&parent=ibm/WebSphere |
| 1.1.4.3 Fix Pack | https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=ICABI_1.1.4.xml&source=SAR&function=fixId&parent=ibm/WebSphere |
| 1.1.5.2 Fix Pack | https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=ICABI_1.1.5.xml&source=SAR&function=fixId&parent=ibm/WebSphere |

**NOTE:** It is recommended to apply previous ICABI Fixpack(s) first as per the IBM Cloud Application Business Insights version installed.

Workarounds and Mitigations

None
