Lucene search

K
ibmIBM6A0D9421C284C29C699BD48273C99B57CF4E764A76760B5A163F68BA4E03AA6F
HistoryAug 10, 2020 - 12:47 p.m.

Security Bulletin: Information disclosure in WebSphere Liberty (CVE-2020-4329)

2020-08-1012:47:32
www.ibm.com
12

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

Summary

Information disclosure in WebSphere Liberty component used by the Event Streams REST implementation

Vulnerability Details

CVEID:CVE-2020-4329
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177841 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Event Streams 2019.2.1, 2019.4.1, 2019.4.2
IBM Event Streams in IBM Cloud Pak for Integration 2019.2.2, 2019.2.3, 2019.4.1, 2019.4.2

Remediation/Fixes

Upgrade from IBM Event Streams 2019.2.1, IBM Event Streams 2019.4.1 and IBM Event Streams 2019.4.2 to the latest Fix Pack.

Upgrade IBM Event Streams 2019.2.2, IBM Event Streams 2019.2.3, IBM Event Streams 2019.4.1 and IBM Event Streams 2019.4.2 in IBM Cloud Pak for Integration by downloading IBM Event Streams 2019.4.3 in IBM Cloud Pak for Integration 2020.1.1.1 from IBM Entitled Registry

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm event streamseqany

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

Related for 6A0D9421C284C29C699BD48273C99B57CF4E764A76760B5A163F68BA4E03AA6F