History: Jan 11, 2021 - 8:14 a.m.

Security Bulletin: HTML comments with sensitive information could be present in IBM Workload Scheduler

2021-01-11 08:14:50
www.ibm.com
5

EPSS: 0.001 (Low), Percentile: 19.6%

Summary

HTML comments with sensitive information, such as file locations and machine or user names, could be present in IBM Dynamic Workload Console 9.5.

Vulnerability Details

CVEID: CVE-2020-4673
**DESCRIPTION:** IBM Workload Automation stores sensitive information in HTML comments that could aid in further attacks against the system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186286 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
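
An added example (not IBM's code and not part of the bulletin): a check an administrator could run over saved console pages to find HTML comments carrying the kinds of data the description names. The regular expressions and the sample page are constructed assumptions; the bulletin does not show the actual comment contents.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns (assumptions): the bulletin names the categories
# (file locations, machine or user names) but not the exact strings.
PATTERNS = {
    "file_location": re.compile(
        r"(?:[A-Za-z]:\\[^\s<>]+|/(?:opt|home|usr|var|etc|tmp)/[^\s<>]+)"),
    "user_name": re.compile(
        r"\b(?:user(?:name)?|uid|owner|login)\s*[=:]\s*\S+", re.I),
    "machine_name": re.compile(
        r"\b(?:host(?:name)?|server|machine|node)\s*[=:]\s*\S+", re.I),
}


class CommentAuditor(HTMLParser):
    """Collects HTML comments whose text matches a sensitive pattern."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, category, matched text)

    def handle_comment(self, data):
        # Only comment bodies are inspected; visible text is ignored.
        line, _ = self.getpos()
        for category, pattern in PATTERNS.items():
            for match in pattern.finditer(data):
                self.findings.append((line, category, match.group(0)))


def audit_html(html):
    """Return findings for every sensitive-looking comment in the page."""
    auditor = CommentAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page, not taken from the product.
SAMPLE = """<html><body>
<!-- generated from /opt/example/console/pages/login.jsp -->
<!-- build host=buildbox01.example.test user: svc_build -->
<!-- layout: two columns -->
<p>The path /opt/example/docs appears in visible text, not a comment.</p>
</body></html>"""

if __name__ == "__main__":
    for line, category, text in audit_html(SAMPLE):
        print(f"line {line}: {category}: {text}")
```

Running the same check against pages served after the fix pack is applied gives a quick confirmation that such comments are no longer emitted.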

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Workload Automation | 9.5.x |

Remediation/Fixes

APAR IJ30010 has been opened to address CVE-2020-4673.
APAR IJ30010 has been included in IBM Workload Scheduler 9.5 FP03, which is already available on Fix Central.

Workarounds and Mitigations

None

CPE

| Name | Operator | Version |
|---|---|---|
| ibm workload automation | eq | 9.5 |
