Jan 29, 2021 - 6:29 p.m.

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments

2021-01-29 18:29:02
www.ibm.com

EPSS: 0.001

Percentile: 32.8%

Summary

A vulnerability in IBM WebSphere Application Server Liberty could allow an attacker to obtain sensitive information. This vulnerability may affect the IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments.

UPDATED 1/29/2021: Added 7.1 fix for IBM Spectrum Protect for Virtual Environments: Data Protection for VMware.

Vulnerability Details

**CVEID:** CVE-2020-4329
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.
CVSS Base score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/177841> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)|Version(s)
---|---
IBM Spectrum Protect Backup-Archive web user interface|8.1.7.0-8.1.10.0 (Linux and Windows); 8.1.9.0-8.1.10.0 (AIX)
IBM Spectrum Protect for Space Management|8.1.7.0-8.1.10.0 (Linux); 8.1.9.0-8.1.10.0 (AIX)
IBM Spectrum Protect for Virtual Environments: Data Protection for VMware|8.1.0.0-8.1.10.0; 7.1.0.0-7.1.8.9
IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V|8.1.4.0-8.1.10.0

Remediation/Fixes

IBM Spectrum Protect Backup-Archive Client web user interface

Release|First Fixing VRM Level|Platform|Link to Fix
---|---|---|---
8.1|8.1.11|AIX, Linux, Windows|<https://www.ibm.com/support/pages/node/6367205>

IBM Spectrum Protect for Space Management

Release|First Fixing VRM Level|Platform|Link to Fix
---|---|---|---
8.1|8.1.1.11|AIX, Linux|<https://www.ibm.com/support/pages/node/6335741>

IBM Spectrum Protect for Virtual Environments: Data Protection for VMware

Release|First Fixing VRM Level|Platform|Link to Fix
---|---|---|---
8.1|8.1.11|Linux, Windows|<https://www.ibm.com/support/pages/node/6152475>
7.1|7.1.8.10|Linux, Windows|<https://www.ibm.com/support/pages/node/316625>

IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V

Release|First Fixing VRM Level|Platform|Link to Fix
---|---|---|---
8.1|8.1.11|Linux|<https://www.ibm.com/support/pages/node/6152475>

Workarounds and Mitigations

None
