Lucene search

IBM5E5C0D906DDDB47A53D421884B82DB26FA92E0D0156BE9B4817E7CB7FE473930

HistoryAug 13, 2020 - 7:38 p.m.

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Security Identity Manager July 2020 CPU plus deferred CVE-2020-2590 and CVE-2020-2601

2020-08-1319:38:43

www.ibm.com

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Summary

IBM WebSphere Application Server (WAS) is shipped with IBM Security Identity Manager (ISIM). Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)	Affected Supporting Product(s) Version(s)
ISIM	6.0.0	WAS 8.5
ISIM	6.0.2	WAS 9.0

Remediation/Fixes

Principal Product and Version(s)	Affected Supporting Product and Version(s)	Affected Supporting Product Security Bulletin
ISIM 6.0.0

ISIM 6.0.2

| WAS 8.5

WAS 9.0

Security Bulletin: Vulnerability in IBM® Java SDK affect WebSphere Application Server July 2020 CPU

Security Bulletin: Vulnerability in IBM® Java SDK affect WebSphere Application Server July 2020 CPU plus deferred CVE-2020-2590

Security Bulletin: Vulnerability in IBM® Java SDK affect WebSphere Application Server July 2020 CPU plus deferred CVE-2020-2601

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security identity managereq6.0.0
ibm security identity managereq6.0.2

CPE	Name	Operator	Version
	ibm security identity manager	eq	6.0.0
	ibm security identity manager	eq	6.0.2

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for 5E5C0D906DDDB47A53D421884B82DB26FA92E0D0156BE9B4817E7CB7FE473930