Lucene search

K
ibmIBM7FF7AF8CC12638FBF97307A5BA8B6A7EFED05747560C9035FA2449DA7CC0D287
HistoryJan 11, 2021 - 8:19 a.m.

Security Bulletin: Server path disclosure pattern is present in IBM Workload Scheduler

2021-01-1108:19:06
www.ibm.com
6

EPSS

0.001

Percentile

19.6%

Summary

Server path disclosure pattern is present in IBM Dynamic Workload Console 9.5

Vulnerability Details

CVEID:CVE-2020-4674
**DESCRIPTION:**IBM Workload Automation stores sensitive information in URLs that could aid in further attacks against the system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186287 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Workload Automation 9.5.x

Remediation/Fixes

APAR IJ30009 has been opened to address CVE-2020-4674.
Apar IJ30009 has been included in IBM Workload Scheduler 9.5 FP03 and it is already available on FixCentral.

Workarounds and Mitigations

None

EPSS

0.001

Percentile

19.6%

Related for 7FF7AF8CC12638FBF97307A5BA8B6A7EFED05747560C9035FA2449DA7CC0D287