Security Bulletin: Information disclosure in WebSphere Application Server - Liberty


## Summary Information disclosure in WebSphere Application Server. This has been addressed. ## Vulnerability Details ** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) ** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty through could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. CVSS Base score: 4.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- ICP - Compare & Comply| All ## Remediation/Fixes Upgrade to IBM Watson Compare and Comply for IBM Cloud Pak for Data 1.1.9. To download the software, go to Passport Advantage, then search for "watson compare and comply for ICP for Data", then select IBM Watson Compare and Comply for ICP for Data V1.1.9 Linux English , part number CC7JSEN. ## Workarounds and Mitigations None ##

Affected Software

CPE Name Name Version
compare and comply 1.0.0
compare and comply 1.1.8