Lucene search

IBMA5681F729F28C250FF23C2C5EBBDC80244D85B4A5269BFE579C846E02438C673

HistorySep 29, 2020 - 8:51 a.m.

Security Bulletin: Security vulnerability in WebSphere Liberty Server shipped with IBM Global Mailbox (CVE-2020-4329)

2020-09-2908:51:15

www.ibm.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Summary

A security vulnerability has been identified In WebSphere Liberty Server shipped with IBM Global Mailbox.

Vulnerability Details

CVEID:CVE-2020-4329
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177841 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Global High Availability Mailbox	6.0.2

Remediation/Fixes

Principal Product and Version(s)

Affected Supporting Product and Version

Affected Supporting Product Security Bulletin

—|—|—

Global Mailbox version 6.1.0.0

Websphere Liberty version 20.0.0.5

CVE-2020-4329

B2Bi v6.1.0.0 is now available on Passport Advantage and Fix Central.

Here are the Fix Central links for IIM images.

B2Bi ( Media +SDK)

https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.1.0.0-OtherSoftware-B2Bi-All&source=dbluesearch&function=fixId&parent=ibm/Other%20software

SFG ( Media +SDK)

https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+File+Gateway&fixids=6.1.0.0-OtherSoftware-SFG-All&source=SAR&function=fixId&parent=ibm/Other%20software

Swift package

https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.1.0.0-OtherSoftware-all-Swift2016&source=SAR&function=fixId&parent=ibm/Other%20software

Standard Executables

https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.1.0.0-OtherSoftware-all-Standards-exe-MapEditor-exe&source=SAR&function=fixId&parent=ibm/Other%20software

All above executables as well as Certified Container images are also available on Passport Advantage now.

Note:- For 6.1.0.0 we did not publish docker images.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm global high availability mailboxeq6.0.2

CPE	Name	Operator	Version
	ibm global high availability mailbox	eq	6.0.2

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Related for A5681F729F28C250FF23C2C5EBBDC80244D85B4A5269BFE579C846E02438C673