Sep 29, 2020 - 8:51 a.m.

Security Bulletin: Security vulnerability in WebSphere Liberty Server shipped with IBM Global Mailbox (CVE-2020-4329)

2020-09-29 08:51:15
www.ibm.com

EPSS: 0.001 (percentile: 32.8%)

Summary

A security vulnerability has been identified in WebSphere Liberty Server shipped with IBM Global Mailbox.

Vulnerability Details

**CVEID:** CVE-2020-4329
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177841 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
—|—
IBM Global High Availability Mailbox | 6.0.2

Remediation/Fixes

Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin
—|—|—
Global Mailbox version 6.1.0.0 | WebSphere Liberty version 20.0.0.5 | CVE-2020-4329

B2Bi v6.1.0.0 is now available on Passport Advantage and Fix Central.

Here are the Fix Central links for IIM images.

B2Bi (Media + SDK)

https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.1.0.0-OtherSoftware-B2Bi-All&source=dbluesearch&function=fixId&parent=ibm/Other%20software

SFG (Media + SDK)

https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+File+Gateway&fixids=6.1.0.0-OtherSoftware-SFG-All&source=SAR&function=fixId&parent=ibm/Other%20software

Swift package

https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.1.0.0-OtherSoftware-all-Swift2016&source=SAR&function=fixId&parent=ibm/Other%20software

Standard Executables

https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.1.0.0-OtherSoftware-all-Standards-exe-MapEditor-exe&source=SAR&function=fixId&parent=ibm/Other%20software

All of the above executables, as well as Certified Container images, are also available on Passport Advantage now.

Note: For 6.1.0.0 we did not publish Docker images.

Workarounds and Mitigations

None
