Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9770323F532BB10EA2CF6AA35FD83A103279F223480B36A5D157CEB2FDA4B9D8
HistoryDec 09, 2020 - 4:14 p.m.

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager

2020-12-0916:14:35
www.ibm.com
11

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Summary

IBM WebSphere Application Server is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Federated Identity Manager All

Remediation/Fixes

Principal Product and Versions Affected Supporting Product and versions Affected Supporting Product Security Bulletin
IBM Tivoli Federated Identity Manager 6.2.x IBM WebSphere Application Server 7.0, 8.0, 8.5 WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578)
IBM Tivoli Federated Identity Manager 6.2.x IBM WebSphere Application Server 7.0, 8.0, 8.5 WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643)
IBM Tivoli Federated Identity Manager 6.2.x IBM WebSphere Application Server 7.0, 8.0, 8.5 WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4629)
IBM Tivoli Federated Identity Manager 6.2.x IBM WebSphere Application Server 7.0, 8.0, 8.5 WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4576)
IBM Tivoli Federated Identity Manager 6.2.x IBM WebSphere Application Server 7.0, 8.0, 8.5 Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)

Workarounds and Mitigations

None

Related

ibm 139
nessus 7
cve 5
prion 5
osv 2
suse 2
ubuntucve 1
veracode 1
debiancve 1
redhatcve 1
github 1
openvas 17
fedora 15
mageia 1
rosalinux 1
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest
2020-12-10 06:45:02
Security Bulletin: Multiple security vulnerabilities in WebSphere Application Server affect Predictive Maintenance and Quality and Predictive Maintenance Insights
2020-10-19 15:09:06
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2020-4576, CVE-2020-4629, CVE-2020-4643, CVE-2020-4782)
2020-10-30 19:35:57
nessus
nessus
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.18 / 9.0.x <= 9.0.5.5 Information Disclosure (6339255)
2021-01-19 00:00:00
openSUSE Security Update : xmlgraphics-batik (openSUSE-2020-851)
2020-07-20 00:00:00
IBM WebSphere Application Server 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 SSRF (CVE-2019-17566)
2020-10-30 00:00:00
cve
cve
CVE-2020-4629
2020-09-30 15:15:00
CVE-2019-17566
2020-11-12 18:15:00
CVE-2020-4643
2020-09-21 17:15:00
prion
prion
Information disclosure
2020-09-30 15:15:00
Server side request forgery (ssrf)
2020-11-12 18:15:00
Xxe
2020-09-21 17:15:00
osv
osv
CVE-2019-17566
2020-11-12 18:15:12
Server-side request forgery (SSRF) in Apache Batik
2022-02-09 00:46:46
suse
suse
Security update for xmlgraphics-batik (moderate)
2020-06-23 00:00:00
Security update for xmlgraphics-batik (moderate)
2020-07-23 00:00:00
ubuntucve
ubuntucve
CVE-2019-17566
2020-11-12 00:00:00
veracode
veracode
Server-side Request Forgery (SSRF)
2020-06-16 09:19:33
debiancve
debiancve
CVE-2019-17566
2020-11-12 18:15:00
redhatcve
redhatcve
CVE-2019-17566
2020-06-18 15:55:19
github
github
Server-side request forgery (SSRF) in Apache Batik
2022-02-09 00:46:46
openvas
openvas
openSUSE: Security Advisory for xmlgraphics-batik (openSUSE-SU-2020:0851-1)
2020-06-23 00:00:00
Fedora: Security Advisory for eclipse (FEDORA-2020-cf8ef2f333)
2020-09-02 00:00:00
Fedora: Security Advisory for eclipse-cdt (FEDORA-2020-cf8ef2f333)
2020-09-02 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: eclipse-ecf-3.14.8-4.fc32
2020-08-31 15:50:28
[SECURITY] Fedora 32 Update: eclipse-mpc-1.8.3-2.fc32
2020-08-31 15:50:29
[SECURITY] Fedora 32 Update: eclipse-m2e-core-1.16.1-1.fc32
2020-08-31 15:50:29
mageia
mageia
Updated batik packages fix security vulnerabilities
2021-04-02 23:25:05
rosalinux
rosalinux
Advisory ROSA-SA-2023-2239
2023-10-10 08:57:57

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON
Related for 9770323F532BB10EA2CF6AA35FD83A103279F223480B36A5D157CEB2FDA4B9D8
ibm139nessus7cve5prion5osv2suse2ubuntucve1veracode1debiancve1redhatcve1github1openvas17fedora15mageia1rosalinux1