A vulnerability IBM WebSphere Application Server Liberty could allow an attacker to obtain sensitive information. This vulnerability may affect the IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments. UPDATED 1/29/2021: Added 7.1 fix for IBM Spectrum Protect for Virtual Environments: Data Protection for VMware
CVEID:CVE-2020-4329
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177841 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Backup-Archive web user interface | 8.1.7.0-8.1.10.0 (Linux and Windows) |
8.1.9.0-8.1.10.0 (AIX) | |
IBM Spectrum Protect for Space Management | 8.1.7.0-8.1.10.0 (Linux) |
8.1.9.0-8.1.10.0 (AIX) | |
IBM Spectrum Protect for Virtual Environments: Data Protection for VMware |
8.1.0.0-8.1.10.0
7.1.0.0-7.1.8.9
IBM Spectrum Protect (for Virtual Environments: Data Protection for Hyper-V| 8.1.4.0-8.1.10.0
IBM Spectrum Protect Backup-Archive Client web user interface Release|First Fixing
VRM Level|Platform|Link to Fix
โ|โ|โ|โ
8.1| 8.1.11| AIX
Linux
Windows| <https://www.ibm.com/support/pages/node/6367205>
IBM Spectrum Protect for Space Management Release|First Fixing
VRM Level|Platform|Link to Fix
โ|โ|โ|โ
8.1| 8.1.1.11| AIX
Linux| <https://www.ibm.com/support/pages/node/6335741>
IBM Spectrum Protect for Virtual Environments: Data Protection for VMware Release|First Fixing
VRM Level|Platform|Link to Fix
โ|โ|โ|โ
8.1| 8.1.11| Linux
Windows| <https://www.ibm.com/support/pages/node/6152475>
7.1
| 7.1.8.10
| Linux
Windows
| <https://www.ibm.com/support/pages/node/316625>
IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V Release|First Fixing
VRM Level|Platform|Link to Fix
โ|โ|โ|โ
8.1| 8.1.11| Linux| <https://www.ibm.com/support/pages/node/6152475>
None