Security Bulletin: Websphere Application Server Liberty vulnerabilities used by IBM Streams


## Summary Websphere Application Server Liberty vulnerability CVE-2020-4329 affecting IBM Streams ## Vulnerability Details ** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) ** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty through could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. CVSS Base score: 4.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- InfoSphere Streams| 4.1.1.x InfoSphere Streams| 4.2.1.x InfoSphere Streams| 4.3.1.x ## Remediation/Fixes Version 4.x.x: Apply [4.3.1 Fix Pack 3 or higher](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%20Management&product=ibm/Information+Management/InfoSphere+Streams&release=> "4.3.1 Fix Pack 3 or higher" ) Versions 3.2.x, 3.1.x, and 3.0.x: For versions earlier than 4.3.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin. ## Workarounds and Mitigations None ##

Affected Software

CPE Name Name Version
ibm streams 4.3