Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8FA99E4D26249E130318CABB55E8B0BFE88E1B434E83757A8F7D6000543E393A
HistoryMay 04, 2021 - 10:02 p.m.

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager

2021-05-0422:02:56
www.ibm.com
12

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

61.0%

JSON

Summary

IBM WebSphere Application Server is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

IBM Tivoli Federated Identity Manager All

Remediation/Fixes

Principal Product Affected Supporting Product and Version Affected Supporting Product Security Bulletin
IBM Tivoli Federated Identity Manager IBM WebSphere Application Server 7.0, 8.0, 8.5 Security Bulletin: WebSphere Application Server is vulnerable to a Server-side Request Forgery vulnerability (CVE-2021-20480)

IBM Tivoli Federated Identity Manager| IBM WebSphere Application Server 8.0, 8.5, 9.0|

Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20454)

Security Bulletin: Vulnerability in Apache MyFaces affects WebSphere Application Server (CVE-2021-26296)

Security Bulletin: Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258)

Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20453)

Workarounds and Mitigations

None

Related

ibm 162
cve 5
redhatcve 2
osv 5
redhat 1
prion 5
packetstorm 1
zdt 1
github 2
veracode 2
nessus 5
ubuntucve 1
debiancve 1
githubexploit 1
d0znpp 1
openvas 2
debian 1
mageia 1
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Access Manager for e-business
2021-04-22 14:10:37
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2021-20453, CVE-2021-26296, CVE-2020-5016, CVE-2021-20480, CVE-2021-20454, CVE-2020-5258)
2021-04-23 18:14:00
Security Bulletin: Vulnerabilities identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (CVE-2021-20480, CVE-2021-26296 and CVE-2020-5258)
2021-04-19 10:46:49
cve
cve
CVE-2021-20480
2021-04-08 13:15:00
CVE-2021-26296
2021-02-19 09:15:00
CVE-2021-20453
2021-04-20 12:15:00
redhatcve
redhatcve
CVE-2021-26296
2021-02-18 21:24:39
CVE-2020-5258
2020-03-11 09:40:58
osv
osv
Cryptographically weak CSRF tokens in Apache MyFaces
2021-06-16 17:31:39
CVE-2021-26296
2021-02-19 09:15:13
CVE-2020-5258
2020-03-10 18:15:12
redhat
redhat
(RHSA-2021:2439) Important: Open Liberty 21.0.0.6 Runtime security update
2021-06-15 13:03:25
prion
prion
Server side request forgery (ssrf)
2021-04-08 13:15:00
Cross site request forgery (csrf)
2021-02-19 09:15:00
Xxe
2021-04-20 12:15:00
packetstorm
packetstorm
Apache MyFaces 2.x Cross Site Request Forgery
2021-02-20 00:00:00
zdt
zdt
Apache MyFaces 2.x Cross Site Request Forgery Vulnerability
2021-02-20 00:00:00
github
github
Cryptographically weak CSRF tokens in Apache MyFaces
2021-06-16 17:31:39
Prototype pollution in dojo
2020-03-10 18:03:14
veracode
veracode
Insecure Anti-CSRF Tokens
2021-02-22 07:08:20
Prototype Pollution
2020-03-11 04:28:44
nessus
nessus
IBM WebSphere Application Server 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.19 / 9.0.0.0 <= 9.0.5.7 XXE (CVE-2021-20453)
2021-04-20 00:00:00
Oracle Enterprise Manager Ops Center UI and Other Patches (July 2021 CPU)
2023-01-19 00:00:00
Debian DLA-2139-1 : dojo security update
2020-03-12 00:00:00
ubuntucve
ubuntucve
CVE-2020-5258
2020-03-10 00:00:00
debiancve
debiancve
CVE-2020-5258
2020-03-10 18:15:00
githubexploit
githubexploit
Exploit for Code Injection in Linuxfoundation Dojo
2020-12-01 09:45:48
d0znpp
d0znpp
A4: XML External Entities (XXE) ❗️ — Top 10 OWASP 2017
2021-09-14 13:09:18
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0232)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-2139-1)
2020-03-18 00:00:00
debian
debian
[SECURITY] [DLA 2139-1] dojo security update
2020-03-11 19:14:41
mageia
mageia
Updated dojo packages fix security vulnerability
2020-05-27 12:52:46

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

61.0%

JSON
Related for 8FA99E4D26249E130318CABB55E8B0BFE88E1B434E83757A8F7D6000543E393A
ibm162cve5redhatcve2osv5redhat1prion5packetstorm1zdt1github2veracode2nessus5ubuntucve1debiancve1githubexploit1d0znpp1openvas2debian1mageia1