Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM90292D88D6F3FB64F49163CE1097952FAB347C6209064E8EFDFA3E73CD335199
HistorySep 23, 2021 - 2:40 p.m.

Security Bulletin: Vulnerabilities in WebSphere Liberty Profile affect IBM InfoSphere Identity Insight (CVE-2020-4421, CVE-2020-4590, CVE-2020-5258, CVE-2021-26296)

2021-09-2314:40:35
www.ibm.com
8

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

53.9%

JSON

Summary

There are multiple vulnerabilities in the WebSphere Liberty Profile used in IBM InfoSphere Identity Insight.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM InfoSphere Identity Insight 9.0
IBM InfoSphere Identity Insight 9.1
IBM InfoSphere Identity Insight 10.0

Remediation/Fixes

Per the original bulletins for CVE-2020-4421 , CVE-2020-4590, CVE-2020-5258, and CVE-2021-26296, all four vulnerabilities can be resolved by upgrading WebSphere Liberty Profile in your Identity Insight instance to version 21.0.0.6. Instructions for doing this are found in the tech note at <https://www.ibm.com/support/pages/node/6491639&gt;.

Workarounds and Mitigations

None

Related

ibm 133
redhatcve 2
osv 5
cve 4
redhat 2
packetstorm 1
prion 4
zdt 1
veracode 2
github 2
ubuntucve 1
debiancve 1
githubexploit 1
nessus 6
openvas 2
mageia 1
debian 1
oracle 5
ibm
ibm
Security Bulletin: Vulnerabilities in WebSphere Liberty Profile affect IBM InfoSphere Global Name Management (CVE-2020-5258, CVE-2020-4590, CVE-2020-4421)
2022-04-20 17:04:55
Security Bulletin: Multiple Vulnerabilities in IBM® WebSphere Application Server Liberty affect IBM LKS Administration and Reporting Tool and its Agent
2021-07-30 05:06:44
Security Bulletin: Vulnerabilities identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (CVE-2021-20480, CVE-2021-26296 and CVE-2020-5258)
2021-04-19 10:46:49
redhatcve
redhatcve
CVE-2021-26296
2021-02-18 21:24:39
CVE-2020-5258
2020-03-11 09:40:58
osv
osv
CVE-2021-26296
2021-02-19 09:15:13
Cryptographically weak CSRF tokens in Apache MyFaces
2021-06-16 17:31:39
CVE-2020-5258
2020-03-10 18:15:12
cve
cve
CVE-2021-26296
2021-02-19 09:15:00
CVE-2020-4421
2020-05-06 14:15:00
CVE-2020-4590
2020-09-21 15:15:00
redhat
redhat
(RHSA-2021:2439) Important: Open Liberty 21.0.0.6 Runtime security update
2021-06-15 13:03:25
(RHSA-2020:2054) Important: Open Liberty 20.0.0.5 Runtime security update
2020-05-11 13:29:28
packetstorm
packetstorm
Apache MyFaces 2.x Cross Site Request Forgery
2021-02-20 00:00:00
prion
prion
Cross site request forgery (csrf)
2021-02-19 09:15:00
Code injection
2020-05-06 14:15:00
Design/Logic Flaw
2020-09-21 15:15:00
zdt
zdt
Apache MyFaces 2.x Cross Site Request Forgery Vulnerability
2021-02-20 00:00:00
veracode
veracode
Insecure Anti-CSRF Tokens
2021-02-22 07:08:20
Prototype Pollution
2020-03-11 04:28:44
github
github
Cryptographically weak CSRF tokens in Apache MyFaces
2021-06-16 17:31:39
Prototype pollution in dojo
2020-03-10 18:03:14
ubuntucve
ubuntucve
CVE-2020-5258
2020-03-10 00:00:00
debiancve
debiancve
CVE-2020-5258
2020-03-10 18:15:00
githubexploit
githubexploit
Exploit for Code Injection in Linuxfoundation Dojo
2020-12-01 09:45:48
nessus
nessus
Oracle Enterprise Manager Ops Center UI and Other Patches (July 2021 CPU)
2023-01-19 00:00:00
Debian DLA-2139-1 : dojo security update
2020-03-12 00:00:00
Oracle Primavera Unifier (Jul 2021 CPU)
2021-07-22 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0232)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-2139-1)
2020-03-18 00:00:00
mageia
mageia
Updated dojo packages fix security vulnerability
2020-05-27 12:52:46
debian
debian
[SECURITY] [DLA 2139-1] dojo security update
2020-03-11 19:14:41
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

53.9%

JSON
Related for 90292D88D6F3FB64F49163CE1097952FAB347C6209064E8EFDFA3E73CD335199
ibm133redhatcve2osv5cve4redhat2packetstorm1prion4zdt1veracode2github2ubuntucve1debiancve1githubexploit1nessus6openvas2mageia1debian1oracle5