7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
53.9%
There is a Dojo vulnerability in WebSphere Liberty used by Collaboration and Deployment Services. This issue has been addressed.
CVEID:CVE-2020-5258
**DESCRIPTION:**Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other values, an attacker could exploit this vulnerability to overwrite, or pollute, a JavaScript application object prototype of the base object.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177751 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
SPSS Collaboration and Deployment Services | 8.2 |
SPSS Collaboration and Deployment Services | 8.2.1 |
SPSS Collaboration and Deployment Services | 8.2.2 |
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
SPSS Collaboration and Deployment Services | 8.2.0.0 | PH38965 | 8.2.0.0 |
SPSS Collaboration and Deployment Services | 8.2.1.0 | PH38965 | 8.2.1.0 |
SPSS Collaboration and Deployment Services | 8.2.2.0 | PH38965 | 8.2.2.0 |
Fixes for Components:
SPSS Collaboration and Deployment Services Repository Server deployed to WebSphere Liberty profile (8.2, 8.2.1, 8.2.2)
Important Notes:
For the Repository Server deployed to WebSphere Application Server traditional, please refer to WebSphere document and upgrade WebSphere traditional from IBM Installation Manager.
You should verify applying this fix does not cause any compatibility issues in your environment.
None
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
53.9%