History: Jun 16, 2020 - 2:52 p.m.

Security Bulletin: WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)

2020-06-16 14:52:40
www.ibm.com

EPSS: 0.001
Percentile: 32.8%

Summary

WebSphere Application Server is vulnerable to a server-side request forgery vulnerability.

Vulnerability Details

CVEID: CVE-2020-4365
**DESCRIPTION:** IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178964 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

This vulnerability affects the following versions and releases of IBM WebSphere Application Server in IBM Cloud:

  • Version 8.5

Remediation/Fixes

To patch an existing service instance, refer to the IBM WebSphere Application Server bulletin listed below:

Please see Updating your environment in the Knowledge Center for information on applying service.

Alternatively, delete the vulnerable service instance and create a new instance.

Workarounds and Mitigations

None
