DATABASE RESOURCES PRICING ABOUT US

{"id": "D794EA27CA7E3FF8825CDCEFF3439F08F1C4C2B94C2E54C22629BF94087D371F", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server", "description": "## Summary\n\nThe following security issues have been identified in the WebSphere Application Server and IHS server included as part of IBM Tivoli Monitoring (ITM) portal server.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4578](<https://vulners.com/cve/CVE-2020-4578>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184433](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184433>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-4643](<https://vulners.com/cve/CVE-2020-4643>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185590](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185590>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4464](<https://vulners.com/cve/CVE-2020-4464>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4362](<https://vulners.com/cve/CVE-2020-4362>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178929>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17566](<https://vulners.com/cve/CVE-2019-17566>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183402](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183402>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-4365](<https://vulners.com/cve/CVE-2020-4365>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-4276](<https://vulners.com/cve/CVE-2020-4276>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175984>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4534](<https://vulners.com/cve/CVE-2020-4534>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182808](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182808>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-4449](<https://vulners.com/cve/CVE-2020-4449>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Monitoring| 6.3.0 Fix Pack 7 Service Pack 5 (or later Service Pack) \n \n## Remediation/Fixes\n\nFix| VRMF| Remediation/Fix \n---|---|--- \n6.X.X-TIV-ITM_TEPS_EWAS-IHS_ALL_8.55.18.01| 6.3.0.x | <https://www.ibm.com/support/pages/node/6350173> \n \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2022-12-30T17:31:59", "modified": "2022-12-30T17:31:59", "epss": [{"cve": "CVE-2019-17566", "epss": 0.00121, "percentile": 0.45093, "modified": "2023-06-05"}, {"cve": "CVE-2019-4720", "epss": 0.00128, "percentile": 0.46226, "modified": "2023-06-05"}, {"cve": "CVE-2020-4276", "epss": 0.00093, "percentile": 0.3855, "modified": "2023-06-05"}, {"cve": "CVE-2020-4329", "epss": 0.00076, "percentile": 0.31021, "modified": "2023-06-05"}, {"cve": "CVE-2020-4362", "epss": 0.00093, "percentile": 0.3855, "modified": "2023-06-05"}, {"cve": "CVE-2020-4365", "epss": 0.00076, "percentile": 0.31021, "modified": "2023-06-05"}, {"cve": "CVE-2020-4449", "epss": 0.00464, "percentile": 0.71861, "modified": "2023-06-05"}, {"cve": "CVE-2020-4464", "epss": 0.01224, "percentile": 0.83389, "modified": "2023-06-05"}, {"cve": "CVE-2020-4534", "epss": 0.00042, "percentile": 0.05662, "modified": "2023-06-05"}, {"cve": "CVE-2020-4578", "epss": 0.0005, "percentile": 0.17208, "modified": "2023-06-05"}, {"cve": "CVE-2020-4643", "epss": 0.00124, "percentile": 0.45589, "modified": "2023-06-05"}], "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.0}, "severity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/6351443", "reporter": "IBM", "references": [], "cvelist": ["CVE-2019-17566", "CVE-2019-4720", "CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4362", "CVE-2020-4365", "CVE-2020-4449", "CVE-2020-4464", "CVE-2020-4534", "CVE-2020-4578", "CVE-2020-4643"], "immutableFields": [], "lastseen": "2023-06-05T17:44:36", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17566", "CVE-2019-4720", "CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4362", "CVE-2020-4365", "CVE-2020-4449", "CVE-2020-4464", "CVE-2020-4534", "CVE-2020-4578", "CVE-2020-4643"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-17566"]}, {"type": "fedora", "idList": ["FEDORA:0D7F230979AB", "FEDORA:1364530979AB", "FEDORA:2BD533098BA0", "FEDORA:49205309799A", "FEDORA:61A713098ED5", "FEDORA:7A1EA3098BA2", "FEDORA:85B0430979AB", "FEDORA:94A8C309799A", "FEDORA:9F2FE3098B94", "FEDORA:AF19730979AB", "FEDORA:BACE03098BA0", "FEDORA:C6AD93098B94", "FEDORA:D4B143098BA2", "FEDORA:E0E2C3098BA0", "FEDORA:EDF1E309799A"]}, {"type": "github", "idList": ["GHSA-CMX4-P4V5-HMR5"]}, {"type": "githubexploit", "idList": ["91A6DEF1-A9B3-5679-A098-B3DDA3AB5069"]}, {"type": "ibm", "idList": ["0027B7BC4A216055C44EF0230C4FAABC4052A1FB375CF00355DF972110230701", "016248796F0D60834A9AE6D8C8659223A06C7DCF5A1BFEB093E2C71A7B706F76", "01FB518144D44CF22409F1D272D259205D9A22503BE7F24CED4D16CF439E1FD8", "0266AA0398843DB73372101AB68C82ECBCD4CF436F5F4E2E3977DA1F1922978F", "02FD10030B8366010758D75673B2286A0CD064A8561853F6F314CF7B7BC8B298", "036EA0A600E846F6A02DD17117A50C0F70F9BAD404250267597F62555F45EA04", "03A21E2CEB2AE80B0CB3845788EE2C252B219A2161281A588F3A3FABD346F890", "03FADCC257A17FED6A8C41D04F8606BF0489C6FE20567ACF4008E235575AE7BE", "04ABBB708923892B731E5E85494310295FECB96BEABA340DE48D8A568440E716", "05F3B2BCBA66E63FF50CAB9D4E4610B2EAE6CD3DA38047220611B10B02307DE3", "060D3FC79AEC6F245510B1C6DC4349BA6ECD4B42B6857BA70D63BB7D9BF14A10", "066CC30FF07EA70663C1053750F35662E071CE8F2ADB63927D6FD5956CB157A7", "0676DC64D9FAAA5543CCE97F95B289A6DF997F20DD2C5C84724916098603BA58", "089B564037CD6CBF124F570A0074A8E6C37E90240BCF8C5297D2EBD444E34F18", "099DD49202775CBB1F4948F66DB50FAE41385719EDE85DEF5171C85DA36B727F", "09C6ACF80628EF8C73E427E1D21F5A5A497D751BEB43E7A41354136EC7AE4215", "0A31F68DB301963B3E6B50623943B534F8703E61281AC8C52E4912E862DB85CE", "0B841A25DD5089B54804EEE177963CE7CA3A23E107F528BF4D4DE12B41D18A16", "0BDDBA484F3367829DBE683BE155B8F63CE6E7CF5747401F154DB308D91D8FD4", "0CC910C049BDFB36E56FE6E758DC44AD44DADD25DB050052D3CBBF520A75AA25", "0DD7AF43DE97763E0D93D1D019F9D4F482815C909438E3FDD9E285D6B2ED40B7", "0E85F055F69C36F1AFCDA9AA4C7476B24B7826864D94024DCA43C8F828A3D547", "0E954BE815796B26C7D4ABE2BCCC21DC5663BE0814B4E5F3C1EFE68319DD65E2", "0F12820B445C6807915DEBE3C7ACCEBB645377135267E78257351519B97DB7DE", "0F297F5F87FAC22F33127BF32110D0C0B158B6859BCE9E0ED4EB35484AD06F6A", "0F7411C38D450D0D17C9E0514668E2F096EAD5FA2260C48F544A9D0EC99938E3", "104E5358C09C4A12262672713C06CC3321584D57C3884021EB6B32EED2C9E8BC", "113259207D52BE413F3CAE31F271253A23E845C8A2B64D5637DC8B875CD4F3ED", "11D50567E527C1FAA2CC7E5BFC7E0A144943437DED5DC6E20F8744DBB47E7648", "124495DD455D7F5D1C3DB0D3404B8054E94AC8A5A5D620E6E377E96048271229", "1253187CB975635D45D54CED51835E24ED8D38334E8F956710D4AF60E30CCE34", "126E1024546918D07264839DD88F2FF75D58789A0F611D0689966886112B533B", "13C40A6CBE05F1EBC98A3343C46231D7A4A26A1F59A30B9A4442C8D192AAF443", "14082B1B5D41B7616A5E295FA25DD7F0E1BAF096180976605B25CBAB04D957BC", "142B1BA6B62A94740D651FE3E4D0F0F6D477022D6F17F392FBFC30D1D4D904E2", "154976217130EF4C017061ED199482E4956FF91CB6AF94EDCB8B76B1BB6C9BD1", "156A3B35248A902A31520E1E26268024D08ACAADA592F6B7B992C4E70D76ED8B", "1789DD677115A931C8718DBD3105CB40D233231B07926E1BCDDA0E9CBB32C539", "1930F5573138A1CD32296F50A0F29A604CEC28FCAA812E003BA54391B11FF38E", "1A449331B70E08624F6917B3BDCD2BDC72F106F43E2ED874DAA86D1203CCCF0D", "1A86238F7F143F1D2CDCAF13A7A5121E2734C20B015C44303B08AB3756ADAA1C", "1BFA2107A83F5EBB50F2D9856A4BF86EC74B8639416128FD821C1E4667C6C885", "1C0D8FC2A9F7C68A34516E16D0E30997245D9487C0AA3C2F80109E35400A48A6", "1C1678518312F18585D48228E2C4D89CBF458CAF1277708839EA38E32D0F11E3", "1D175F9C9806A85668A040BF3EFE408975FAD5D82ADCF7E6B3A57BDC6C5B6AE8", "1F51273B8F87F8B83694591AD29AC780AFD865B4FCD0BA2715AD1BECE0B7A556", "20275B53B0179711A539FCD72C61DE61752A9F0A0950F1CD32E564B47C4B4B5D", "20FC8D083652BD9620AA16329F2B0D169CF687E1B0F904A9AC013C7517AD365E", "21376EA0C9CE9C1C06F37735A2454D7C5707C58FD524C9A5F595EFEF61C8A86B", "21A78502CF868CEFFA6DC5C776E16EE0EDF33BAA9E7F3DE611912CC218BF6C9D", "21CBB64CC7208FC4397A79889AE6FAFB7CA0C070A779106F7D5FE2F76748D898", "2384BEA2040F0EA82030057100D5E1E661E0CBC23D9E6114C63CB23567074439", "23E268EEB64CFC2D7FDD4C975BA304D33D447DFDE9A794EB38DA70F337F245C6", "246DDD1D57B18760EE4043AA129693F2498DBCACE4CD31898F949828ABE88FE7", "24C171D2EBFBD69CF6AEEFB17FADCB6350B347E61036097EF3A9343C6459084D", "25CD6FE340F22514220FD6473DC911FECCFC9E40EE608FECC7A422AEEE34ECB9", "25D3745DA0BDED8FAC2DA99D46F547AABBD305F8CB91025DEDEE614E6A1B7EE4", "25E0E8481641B59C734FA90D52D083DED29B79B9E4EA668AC7F57BABFC6EC189", "26289C49F8A28DA67CE8E88E0B6A5EF7DA86BB2689654E94DAF730B00BC2CF30", "264C02DB84560D43F15B55FC00827F64C8C799EB4813FAD5C111008C8E131691", "26DE322353839A2A6A6FF55B4A4D68A25274B1E4BB334E19FC968FC6A13A9983", "276311EA26EA41FBAE81DFB3042788416A0F2799192780CD6BCD5F7081C47F5C", "280F22C59D289D09BF95C27BCBD4E75FDD23E4CB97EDC3D26F891DF09095112C", "287AD0D0843E0A093F40000F5A7ED8E60D44041219321351A7CEA518DDFDBB95", "28D67D71E0A49DA748DAB4271A51D4BF6E47E878D9BDB0D0C2EC8FAA318386B3", "28F8FE772F7744066E89072F94BE119B652D05DADA694784B7CCD72965C551F7", "2914FEBDB9C3A10FF959653391FD46E5CE5D8149716AA8E5F6A4586D4EF64561", "29B2AB85F526C43DF91B173F2AECAEED811ABAEBB52CC83B7FE7C273DF7BED8A", "2A65FC125DA729940F7D04409677484F9FC90234EBEC407C2CC3CBD042F7D26C", "2D4924CE3B8F555920C6EA627BAD17166DD7F265B8C5680132E6BD98422EB722", "2DBED87BD6B20DF54E33A26643E2C72DB36C6461BA103E5E531BABF1C7370D32", "3025667363AA4FD0A84EA6FC4AC56CB4074FA1571D208441ACE2404576480801", "31338194CFFB21A8D792EC0891A93A20D5EA690FA540B623C5E2FEB658219248", "3145AF0C5406567F174CE24AB15ECCCBF1EDAC271CA314F0505020DA0354DFD8", "322B01DE222750C7DF4CF590663CF3B36A1750FAC696257EDFC9883D18F41115", "353C8048EB40D7C11CD60ABB9D7F5DFD666EDB60B698E9932FC1A04919041609", "35A8B908BE6A907E21280C68DBD7C12DD15E7AF64D1204CD2C6EEC2776BC0030", "35F499D41BB18E1C19E15CD058395BEBCD0F4434ACF6B50613E044055AF257B7", "3722E6256CF611A8E354B651D8087BAC85A3FD142BB381167243BD40A22BD61F", "37726B7ECDED9C8E44EED63B9E93396296E7CF9E2C4BC54348567015E9508C6A", "378BE0AE9115556839B6838DD143454A31F920F6E06B153C6C912D736A8A5E6B", "38196E5969E3832D5283656E865BC6AC8E6148796AD06026B314C2AFB93E932C", "3883F73D7867160F09A99EA9B330CA794A7DC879AC7B6D27AAD98B0884ABF92B", "3980A77512968311FF20D759A7F6AE13890A49B7695002FAE8BD7F61522AC91F", "3B29E76A6FB5013338408E3A12D9C2E41ED21A8A0E9A3D01276C766E06328B95", "3B6FFA1802620B3837E9241495B519A902FD546289DECADF7240559B78CE4CDA", "3BEB441D10779A1942BF02B10D6A1555A8433CFB0B2D08C01720323538A45578", "3D04811CD7C9B337157F4E06A7E1B2584D270E7E69B726B8521CEEE31E88AF6A", "3E9E58CB133C398A1E07C6770AAE40040AA7AC2816C667CD2848FFBE982ACCBD", "3EF27EDFE1E19646705CD416A504DE060368CEC25203E57080D26C6A6097A64F", "3F0DB6A6B43161E807AC17CE719A18BD26C81F3134F4959AA51E211376F74BD1", "3FB4899A3FB4C7FAB480D72B8D89C0F7ADBEBEFD1C82260C0DDD1186FCFD1DB8", "3FDB0DA56D3946314DDFC654D1E4E417AFF910588FBE8389363DF9087FB1496C", "43889098AF27B56E1AAC2C0ADC87D15751A2B0CCE3BF25260E32BBE3CCA7CE93", "43DA011A37CE03FA64B094E9F5770A93BEF6CF43E03F703E6569EEA76986A4F8", "44307B44119A69F2A7E2E3CC5B1FD7B80E121C1C95887759C5496379420C526E", "44783FBE5A56631F824B0BD81DD9283D986371A072B0452A51C478BF8C46E0FD", "44D4BE9C6B3A5CA2D7E393A0C6B1DE6752C9B6BDF8F6BC23CA690D4063D3152B", "44E18B12EF597D9D94FC1ED9BB3AB29FFA1D20FF680B69AE44C8A566BC178B91", "44F8F51D369D3F744AF193AB2E497189282F22F94B8B3424EA2B099B5580CD94", "451F72C42C9FA5B3638C6F2233F910FC635FE2A09DB2B0F71474AE8603F61D92", "467CF97BCB360927DBFFE98B67B787639BE1F772AB145EC498B8B01C4AC15F2C", "46A70A5DCC82B9F0BE8D09EF31A748079C7C3F6ACC5769FC8CF7E487AB1D0EA9", "47274321AA3430917FC9FF88F99229CD7614CD6268ABCD535250486839A8D636", "47377382FB42339D4CE97A4452C254F07E69CAE5413DDD356B24FAAA26841F46", "474E5C374EB6E712AB6BBDD61268EAC7A90B2545EECE47314B9D6EF8E96C0249", "476B017015C7BC4F8F39C2B41A3D687C1FD9E58B44A524C0A4CF05B7ED875145", "479E27B6C804748037AC1A6C1F595E1997742C2106CC3FBAF31ACC193F934F11", "491347999EF4690C54EC87433EDC5E1191F7E4125190BB83A233E670265F9D9C", "491394DDEE034747D7811D1973C25BFF278CF244B77553F19F191E2CAC5CF3CB", "49E1F39ABF4EEB7FF80D7A7714F4484034178E7E98AFA9AA70C6A3D2D43EFABA", "4A7EF571EEA2A8213F4692C6ECE597377F0A591F1BCAAE249C6384ADA74DAE91", "4B8D0DBC092E7A0DC31C2D0F1C3DBC059D171479245958B83BB133FC45ED7312", "4B9B5973ECB6BF9D964D666AB84A86D0BE4913C96B2CD56E503C78B2893FB8AA", "4BEC8E9463E4B27C09D4E3ECF5C98A9E0D6D193C06E6EFC3DEDB9F41368D7DC0", "4BFA3A2F692D8FC8DE4F07BCA56AA58679411D74D1AC3CD28957EF6A817C1264", "4C530226C2C82FCA90A29F26A05A9D0BF640534450027EDE7596BB30563A3845", "4CFD829FC5689C830F733DAAFC137E197362F6BE4BEBE94E8E13BF7B2EF0B11E", "4E52259BE24BBA806EEFFFEDA4C93B36BD8A5BA909375D19621431266388CD2E", "4EEA40866A50FD47B88CDEDFE5D4501E3C595A076C9874F03873B7D7BEC2B0F8", "4EFC1C9A82D1F1C1CD8083DFC2150E3CE56082C5F1AC6970481FBD1FD6B53E24", "4F2D82A4F724C8AC105424E03F5FBC319EFED1ECC4C4FC502E3EE79470EB24D9", "4F83B26494F5C02A937F66487471A788F350B0FE1D9EABC80254DB502CA97A51", "51C64898345F327DD93881C52DC0BCDB22915CDD412C72A65BE394B7A650FE83", "51D185DB29AE6E4FAD71119D872DA0F52814A6C17A59AD1AF9B79D0668C33FBB", "53C2D6108C86A009E8DF79B01F3AB09612F1229287BA2C61D59C07370C06173A", "53DD4EBA25137DCF4917C3B0715AF24BFB0FBC10256BB5FB0DC53D7BD9B24F62", "54232EB09291F37672F1DCD760E739BD98F95251B2201F30CF0081923FF441E4", "54E686FBB2E60A0BDEAB59EFECEB36D61C77A784661FD44124BD8864158EE317", "5608452B7B7D3EBA10686160273C76A891A85FC00D20639CEFC94D59B6E45D99", "563DBE7EB4A93D4CD5CA029C60E237675D1C028EB85F21B0D0BB31084C265CB6", "567625FF8DF333D5C563E40EDFFF9516FF13EA40EAFE9A2E68635850284A1A44", "569C80E6ECBAACEAB0E71AC1954ED813B7EB93080B6E93739B45E055D91FC351", "570AF6CDC4F7E864E6852EBD03923041C13A884B424AC254820AD0EEB73694DF", "574FC031AF9B64FDFC8B0BF65E22355456EDFA4CF1ECE74E592CA6972407F30F", "5786D61ABA1B23C792D948DED7059E96FAE5081FB66C2FAB1FAFE8BE97345A28", "57F83FE748ACCBE802E7C366AFDED4D7CB877B2F7CBB30E2CF6B5D2580CDE14C", "583B4EC604B94C469C4DE44FF99FFC90AB1BE9C2A84ECBEDB90D7CDD5FE2E8CA", "589A2832E6011C04D935A964DC4FDC28B2C467E04C393138914F39193C6EB95D", "5918C016B20B5ACA60A7D119FD2C32C94F0627AB911B7E60826658D357145A38", "5A1C9772619F5BB913E84D90772ACACFD37BEE517E8FC958C08EA260EAAF5BD6", "5A5125925EBA02E1F8D635FF8A050A4D44668622DA9EECE18E8D3B2742917CD2", "5B1CAC420B37804647C541FAC183826F2E21797B0700F6651A1152500668559E", "5CCD6848CD0AF24F2989DD5C2CECF36D94FA0B0D4C7812A8B2EBD86628748485", "5D27044FC6F32C09AC9ACEAA7E1893AD8368B3A89DFE817BCE757850250E805D", "5D8C40983A1BCB78D36B7DF2374D6AE029F0F4282200D955A0BBA8DB40749562", "5ED570DDC2DC18EDBE3A6F896450F75892C392B6E12D967BD6C8F6E5EB0809E5", "5F3403ED8D02DAA10FBA538CB4DCF56BD8B109CAED21CA46B345AAC79FF9F20F", "5F792F8D340FF2EE83DE40316936CA0AA1272904A4423A4CAF9FA698D9FD6BE0", "602F7DC12145A4C85D2027947D4108B54FAD7C292FC222DA0A6A2CF4FAF28D0E", "607007FE560959C96A7D7309FFC95320C63D2655013332B176F60414ABC8616C", "6079493219A5CD126F67C75B3C09C5C1FFB49FA42B2B03A1539A4146413F8909", "6081C063A4E9E732CE9C73EECD35397CC24D23284D3B3023EE530CBF55170002", "6103313C4B5276F36DF647FA6DB55511E0FBD6B63897CF59716858AEE6F906D9", "617B4CF0EF3F9A9F2F54246D1D2A2792AA6769F6B44F8DC3B01F11745B2422C8", "61C3F15886364FC22D270B27228FD5FA37CCAE5CB24408C225EC21FF0A7ECDF1", "6208531C8C7EF482433CF996B41231CFC786C8C86B062915F1321F2094BE269D", "6319DF1B256EC58709172407AF4A25DE3588354F1CDF0FE760752C81DC6DA075", "6460D41996E43CB75276902519E15745959E2FFD675E2119EAA294B305A37593", "651519A7CF3934936F8772EF168CF781B5ECC7610377F209DF254077426D7CED", "6558AFEB72F9052A7DDC452902F768EE59867F40CAC6B3E8ADA809260B835C7C", "65AC33072AF8ABBAA1E90D22A6164663D0FCF7967CC7051A7C6B601CEA97BF53", "65BD9ACADC9044E17F337DB569D63B71E61FF403A90135971CEE51E242EE36F2", "666F24C8DBF4014A69735968E09FF5A01952E6AD6A72CA8D1BA4E1EDEFD1D038", "66886B86D22AD162D05F9B987C32085ED4A1AA2754E87D356E718DE087B7313A", "67146E2A524C8FB5A1DFD73F1DB4911AAB49B852B996D26C9FDC1C6AD38C7259", "67346E7CF572D0FD43CBE4D97B778DE1015A3DCC028A4479108AEC62026B45CA", "678C3CA89B776D75D25667EC1728A76A3B99C82D0FACDD9F01F25192C1EBCF84", "693658DCE0F371748D69D63EAD5B48AAC0350649F64CFEB925F5CA6BD3E2A97C", "6A0D9421C284C29C699BD48273C99B57CF4E764A76760B5A163F68BA4E03AA6F", "6A4BBC92633A5E34B48E1547834611BAAD85CE223FC5369B32BA4F23A5EC9C73", "6A6D3443974438B65979A6338422445099F3CA76DB149428DB7450AB644D4F69", "6AEFF4A1E2CE43A6C28306F76FC53576CD3450EAD0A3066EC2E34BFAACC1BE07", "6AF6A75AB47A85BD264ED489D020A601CD49E58065CEDF72F8DBC129C0B69CAB", "6C0B46071036140AA51372906322730888C9E7399B10A1E9F089A640862B19CC", "6C617B84BA8CD77B749DCCB965A9B2174B6A49D01AD38450C1B53B2374E56C70", "6CDB982FBFBBF8AB2CECD098004B129E243F0565731831FDF4A03F2EA2B562E7", "6D076F47962BE7D6E2C4DDD413F1AD1C9008DE7A5D9AF86480DD73C6073F7E9E", "6E15388FEC4AEF961ACD45CDEA784062121BF39A5E1909E3C780D0C5147A52E5", "6E7625FC4A910ACF24BD1B3F645D1662C0320B3BB6C41373FA358B1C5A9F9CFC", "6F4EACEFB51937EB746B4C0034BC67DC24D36A686094196181F33FE6C24A9701", "6FA137EFE432E9DB974E04AE47D6A29DE89F27AF0B1E37EBA756CFF32ADEDFD7", "6FC3A70E69693A6A15050339D9B2368FE0F69A247562F6FDA33037FBACD59417", "6FC536900A34B847E42046BE9C6266291685F5F8D4293007DAC2C0021AB6CFF7", "7008AF9205A95193C7AD3940DA76184B54338ED5DE3A71F3368BAF475057A556", "70206BCCE747ADF9964BC5AC7DD6EB8D8DAA93482BF8885A9081AAAB7BEAB1D3", "7023115A94233B703D854D5CB3F1A621249C76ECD01307D191788B785D46A701", "7152C8E7A6790A2A188ACC950BA93C7B52DC92D35C728E06EA491C2A3CE8F02F", "717EA7B7E291CEAF2956470CE508AB38C2BF8E63133D28CF594496671ADDDEE9", "728CEC9E2AADBC1EAECA74EBFC6AF4B992BF257D874B5690F28658D55BBA390F", "72FDC7ACE37453A4C45D6056B76A38DAB964209EA3654296776CF200F9BBCFD0", "74367E5FAA9153FBB3294400EDD4E66E3FC454449E232848EB9B92B9E9B4CE23", "757696CF6B25D861147516A0233F27AA8ED63CE44EC3D079E6265FF809DBCB35", "77D1D444B20370DE0EDFF23D9E385D851AC796623E4D85D114F6A8AA31FAB59A", "780F902F0C5B8AE6EDE5BD904B29901F8F625B6E4289CA1191FF83A4EBFA5306", "7BA12B7A2C2BCEE40A55BB21BC529BDB0D9B20B59E6F2983995AF5849503866F", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7F64ABD83A792D617A2AF9021224D3891ACD98806409091724BD7F4981A1DEB7", "7F8C5B286D46F7C07594D83B9BEAA8FFE7516BE4B7A585530E218AC7EB0CDC1F", "7F8E6554F6DA398AA724606DE234AF7EF09A532D4299A3D1BE71DF4204B3FCF6", "80F63C4DBA4692F1399B8419C02ECEE29E4B32D85EDDE77D136EB81CBB859B9C", "8275C3B123771E721297381D0F66E5CCB99C5D5EA14F12413C6DF109D950665B", "832FBB85FABD141B0F8C82660244BC99DC8A20EC16B7C5117AD9B5AE1F85C7DC", "845034F004D5E87FCBDDBF4DF19CBEEE3865967F212423D2B39A2634A34BBB84", "84A310ED49DE6752B94CA056CE617FCBEDD44DC4D9D5740C3D037B5256856767", "851379121775345602341EDB0ED27BF151E4ED5C9AA8B97C1A4C4064A048DDF4", "860573F040C03CC664808FCC2BD448C2ADD9020A5F541F32D1E0724CEC95FF56", "8623F3BCA39750F461E25D38E5D80C77F99E3F53EEDF08FE02CB010C7347CEA3", "86BC382413D13FEC49BBCF5FC0129F8B83C058E0C0CDD0CFC599911E284C4FA7", "86D81D4FF071D7D46BB506C67EA7CE93C082F0DB66B01AA7474850EEE2C3CBD5", "871C55DBC042A2F4D04B01A508993C59B9F1FA001A740E7DF34349C97090C0BD", "87875510813D1DB49DB3083F4FD9E7E533347832C24E964756F893FB73BEC21B", "87C8C87F4B6B5E4949B0BBE1E6C16D7511DCBB8AA384A4558293B4D8FA1143F6", "889AEF340E86A1FF8AE75CD323791BF93186173C5DCEC257F97767066CFAFD1D", "89289E9A98285CD79B0D3F1F025DD0EAA5E6629F7ADF333B9EF34FE380BACA0A", "89889D01EFEB2906CEB101B24500260E255984420DF03BB57D83997D812CEE0A", "8B09AD4AC24D6E8E14D92335F42541805069E1DAE6D86CD1B6260B5FE019BA73", "8C188C0D2A0502498EFDA98119EA020FAB6FAE0E7E28A0DEC0BD7B63D17039AB", "8CAFF844F1658866DD6C2A0CEC24C875EB958BDD2066F497FB69D4028BCC28BF", "8CBFC8659807D44620C0EC7BA3FE40B60677930B451F9F6897B1BD4DE15E2F97", "8DA236BF190960C2E20C01B1DDE110742EBA0BB278E6174D1B98558B3FE80575", "9081ED85EA10CB575BFD1EB11FA27A662DFAB7101202111CD17F820A9D435CE8", "918EC90267CF1760ED229DE75BD576095419855F5087F191C08D402ADF7504D9", "920CE3750D6F5062EF6D97ABBEC79954ED66A1599BB4C1D9D5D9EE462B593D9F", "92632CCF2E5D968091A91A66449BF402408AACCDD70624AA9ACC2E9C6CAE4822", "929D837DD9C3EA90C20AF84418A0A2BB1D61BFBA6F69A8B90EB5479898403F5C", "92DDBBDC460D6543CB9BFE965F63EDA565CCD1EA4CB283723A921DEDE857ACC5", "932925E1037ED82721BC6DC142A9C2642FF0DE1519D1063C1E121B0FF0B92345", "94D98A724C65795259366B27DC62DDCA553E24F05F99EDA4357581E0DC622EB0", "9548F3BD922C19C55E9391D4BACA8EA98682FB5BCA396DD8812365F4C30867A0", "958D3B4A5A0C1FD39CFF6BC608C4A1729951FA8F9C647E5838B8F638A26061A5", "9597A8DA413DEA047F25252B086CCCDA7543FCBC7042D730228D872AF048DEA1", "95A0331F3BEA1EBD0D529E31AA0CFF972F79A25ADF9D95A777B7B0FA5EA42E51", "96131552C11C489EF2F142CAF94550F397BAD1654456F371568AEC0B3C92AE59", "976F919FC290A9CF04D278802234E03FE2D845802AC74A80B70EA7452D3CBBA2", "9770323F532BB10EA2CF6AA35FD83A103279F223480B36A5D157CEB2FDA4B9D8", "97CDC805F58A9B1C47D1FD84E32A701014B49D66DDD17B2EC600FE00B246D4A3", "984C658A69722C7E2D34C03CB9FA5EF111C30C21C8A4692FD40619BAD0DA6426", "98753DD5A47155B43FDD85B8F35D8CA58ADD17824EBC1C028635D87D3D94F55C", "99126F9F2548EE2300C741A1541AAF9CD2E67330BBEEA99D1CCE5C23EA09B155", "9BB137A2C15EDDA2FAD8099BF31EC43072DCB5CFA903CDC8CF3248DC677FE923", "9BEFDC7405EFF7F814FBDFC6EB393149CC340D149F755D0B92AEF1023D307A53", "9C9BD6083322204839F8553AEFDE11C546EEC223C7CE000659E67773279CB0C3", "9D39B93A1C36627BC3DA13FD083389B13C3A0745B9533AA568A23563CB52FDDC", "9E1BB215B06E70813889A210BA1C63DEA88480C8704FBDA41B1612E059BF1140", "9EAD2C6588E8F0780D962C867D7BE79131D9EBE261DD91E58009BCED2EF9C966", "9F51227A933365BAB4E61C4D1E8695CE3A2CAEAE27CCC9C6EDD242CBF9439834", "9F96BCB8F23184B1109B352C6B12962076F81364ABD4DD5E1245B006FA40B919", "A19C7DB3D10F228B0E192F9FC45BA5C4EA1CC1B39C3D650FC46AC90A6A37E1CD", "A1EFACF2069DC3D9306569DB75291E800141DD6232DEB3E7928DC96CA216C1CC", "A2924B4DE05BD5A9DE02BD29915404543555C0C4AAE9016A5C570D5EE0CB6EA6", "A2DE05E412B7035638B34D8EB6B98386D6D00CA72BD8F80C09141A25B1FCFC3C", "A3C55652F9A1A6B8950F7BED8B0E4416B16DE12D384B96E9E34E2D40FA65D07B", "A5681F729F28C250FF23C2C5EBBDC80244D85B4A5269BFE579C846E02438C673", "A723DDE407BAD02EA174056C8472D7F717073A89A2422790546E09A7047E1824", "A778665E3A13285610D462BB48B8B364C628140C0274B757D7504580D6201440", "A7B5DFA89534013C5C0B752FA00CA59BCDFA236742B0F2060D8475E1E61EF418", "A801C0134AF3AE69F120F9758CA8985C815F0984281741FDA5A847A1ACC66AFF", "A8B1328EDAD509E1D76C6016AE0790BC81F18C61790542709096AA8E663BAEC6", "A8FA0CA82D0B99F83999500658131D63342A6D01F0626378469C4233C286CA4C", "A9DBFF863A6956B8DCA6D07F7B3E49FD83B3B78BAB81E574B7DE5914E7A805BA", "AA3D6A256DB89473DCE1EBEE729C86EF51F517A83CCBCFAE57AD75A59E90058B", "AAB63CA611C91C086C2D2BC4EDEABC95ECFE557C5518B51036200FBBD8C29B34", "AAD609CAA94C916589F4887D6CD5C2416E4F6208E4578B25FA022618187A432A", "AAE68AA2EFC385FF3EBD4382FB866664D480CC7F1DD4B169227644E77ADC4B20", "AAFFFDEC8F98AF5800467BB5F57A3092C9F11CF3A97E31DFD6C11B8152F499EE", "ACBEAC66D4C77E6E0A8CA29C8E2103087D2D4C85F414F793D1FC336B951FB25C", "ACDFCA5E93908C1CC35E54B4EF854ED57BCD6CD2641A3590CD2418E8BCA917EA", "AD39C416EB5696DBABB8F348C24A823CB98337B9E36B23DC91AC6C26EC0E76D4", "AE00FB59C4C5890B5FB641690EEA9F234AE860A6025824F78EBD0F309BF503F1", "AE9FCFFF0398E144DDAD797967457B662931846E8FEE6194A2655AA5B730BCBC", "AF1E7C0E7AEB6A7745DD28859766C9018DBFD2ECD10FE9D39C7EEB35939A2141", "AFDFD85F2CF1D11E09505DD0597E9BCE253A4C4F2F99EBAF3B1A1745134605D2", "B2614B5F45778F9EE075BE8C3E09C16A3FDF1090E52286416A11A1DD49FBA2F2", "B2A50DF3EC1594620E8A37ADF929CB730D5142281927CA3F2AE3C4F02F910D8B", "B2B33DC1DCAEC07D9F9164E0AD1390F5BFB58C4EE2BDF74B976625E39A9F5AF0", "B3580AD07E66A6F5601696068077AA4C33AC4B6FAD45556E4E89CF28B551CCCB", "B4FB56CD786500EDD3DBBB2AB774D5CA785B1E5906A71B19B547681BEE096D12", "B4FE1B26E5C26CDC219CEB5E6DB28E0AF62C714D0BDFC3E7626485AFD5DD33E9", "B5D619F80B40CA348764269812D0E090A840B076892A000FA3D00738F8AD463A", "B60F2DE561421149178C0830D6DD1EA4E4B1D14D2A06C69E877CB955E38F038A", "B707DFEB85B90BC5BAB2254D6389D5108EBC942E30A051075778C9ECE6D61662", "B7D7C09AA3957447FD5B3D3BD6AAD56CD3C7645746D04D52839C4B2817CED9A1", "B7D99DF4C04CF5F3A2B3D2119C254ABE8CDD229DB7014A05C47081E83C530B8F", "B8BFC6B2E572B474A265833969C6B464413D274C16BC26C56B4AF895D018F4CE", "B91EBC88DBACAB9200A243302F2C05A172A3854741A95DE8DAC65CAB355AC1A3", "B9609A42BFED86C36189258C748597C29F9D824D3DD52ECECFEEA902FDA884B1", "B9E90543C3CF1DFBA0782BBC29DAC9E1D62AB90500B4CD771DBABED35D5F3C0A", "BC070218311BD92530C7F456122C53672C90383C1C7EAD31CC173DEE508ACBD9", "BCA027FA7D68C9D2F6EFB13F806B8079B33B6915652CA3528C215F14F4BF5136", "BD08BAFAC8E63B1DECDE717720A4786F6973C91169A47A7D0C9FA37A30523ED7", "BEAC98106F3B73EA589C11A1476471BDC3FB6349D9F88DECB8C796AB0B23DFCA", "BF65060D894F88440887145F957785E7DC97CFCE4B58544406F33D1BDDF7F3DC", "BFD3B2B780AE5E2B57758FF9D1854E539D0BDD7480D41CE99BA69E3C8264005C", "C06037486063080DAF0903578E651F281F08105507F07A61B0292AD4FC96B7DB", "C0C0BE37703E3B923259F980A7F946DB540E263A82DF998A29998BA1DE07B6F2", "C16ABA3451616F0B12FF9B91C183BC2B0F3C7E6BA4CC7ADB8E3163E2152E6C65", "C22CC0C04AA48102CB2EBEF5AD691FDAD7FE1267768536619BBE66401698B809", "C240BBFDC8BC9CE0EAAFF7EBDB320E1A1CAE89E9A580402A7B118BEAD23A73D4", "C271913B2440899C08A55447029AB1A0AC6DCE6638B3B42E74B54F5FFEB8E397", "C2D98FB095080E797F0C2EA04C286BF0B2C1E94A97ADA680D9B115BD80F74285", "C2F6F5506480CB85A6DB6F096B7B7E562DE0419E55AED7EE6FAA08C1F5DCFB05", "C37489A3008709711E04D9213CE41F2C8842AA8EB95384089F1CEB6D69E051DC", "C3E3057AE135C2A7A4474659D944B8AA77F9FB34B2A08C461CCD38E75FE32089", "C4023F9D05275ED3C66B169CE0D3B807C7D4D7FC324365D9C8DE18321BF9E2DF", "C43D2CB156B7BD39FC113EAD22568306F95463D3E29CC3A697EB085F142533BB", "C60289D204614CD6F487491D985F924542C108BE5DDA61A136A99A5BF2EE3F15", "C658FC5F35EA81EA139B8BD636CD7716958E2E2F1D560D0AFDE22AFAB6106BA0", "C6780300E3EFD7F6811EECD650C04D87FD052560A5F1FA302479AFF8AA4F7FDC", "C698ACD8BD878FFAF13B5530425B16956E9503FE860A025CB74500FC8F4D6D5D", "C79ABE37111E40B8119B6208DDFB3B24D9B9E990150EA4A641716A4FF5E8EF31", "C9392554200379AD1B651B7062D43E6DE91F890D7B000CB90FEAC912B97F65E0", "C941A2D7630C1EEC15E80BE6D862CE593ECABDE4BC36E967811030825C92AE29", "C95C9771121CCE6842ACFEDC26BFC21B9739D3FC215633C459D55FD458440B00", "C9C4235C34E1A436F6973E926458F8E4E760EA8C85112E0BC1C3CC10E448DFA5", "C9DE4845305DF0F83378929053ED892F37959591039ECF2D78BF547B6F112585", "CA3F2B7B24C5EBFD6582A6E014330DFFAA01B5BB26B23011797240E1D93A9751", "CDA54BB7AD19A45B935024FCB8EF9167D8CD70EA8D1DDC6ED448AA8AE94AD619", "CE7B09FDAB4AD52C4D2DF48D876D11F77AB8D075D2126DF86BCFAB3FD1F6D522", "CF96155EBDBFEB76CEC027341CADB800CDAE0961E8A5F5AA5EFB7272EA972F66", "D00CE0285A4F7F2D040FEB9E42204B251DB78A299D7FFC4E7348291016376C6E", "D0B36475A4B658E0814531AA499810EB812EB1431F68943B8310DF7002931DBE", "D0E9A6FEA2999AD188DFACA4CDB52E09ADE22AA518CBD8BB87F91A5E6058C8B4", "D1EE65B724C053B8C531DB8F905A57DF1D402D875E50E3E22DD86A5856E65A9D", "D1F4A6DDA0B5756E1496121D947598D8F21D0173838280618DBC9BDB9CC99F1E", "D2B7B35BD52108BE254B2544F488D09D49626B6D6879BD69CC3F565127431B03", "D2C1B330A8F6B3F189F3D9DCCABD0394AFE8DEAA38398005BE240F19C0DE0862", "D3880C7852DB9EFFBB3B76955322352B435D1896CD07A0825E679BDC935BB4D1", "D414FED16B358AD7FE6B00E67C7AA1DB43FD19DDFB901B5F7ABA9F0E20BEB6EC", "D48F5D967CAB789B94C7E1D084F92F01492F6ACFBE7DCFCADD9E3FE725B16F75", "D5D45CE29D408089823EDDD9EAA29E8666A867CB9B4D5A7E4821A1892A1E39C0", "D5F5876D51E1333B156D6BAB7A3B9B711BB9B026AF79134525B9F927D3CE884B", "D749198CFA398E3FE70DB177828133BCFDE49DD1D6A4B6CD094FCE9101F991A4", "D7FEBA922F3CC8C5AB75708E1DEE45B88FB2504EF15EEDFE8AEF8974FE9405F0", "D8A71834956CA3686AD86B46BDB99A8722681ED083E133C34C036296114E5BD5", "D91D5DB5A40E711632B505AA5C086735FB04E313FC3A69BB0D647894D124C07B", "D9DD7B1E68819557246CE052C2A1D441B9E54DC8325262221F36E256E53A425B", "D9E8D125D2A5D32BB22B755D0193D28F3F5DE0A694D5EF40ABD49E19443F4CBE", "DABA7DED974B2398189D6CD437940649E019A14178C8AB32F290EB35C8669636", "DB96F671D2C03801FFDB9E0404F5E6EB5CE8F28F9A4DF89501AEDFCF7E039266", "DC8B783B9EAA31C03B1E404FC721223E232D2BB78FAD1F0FF5BCC2915BC8629E", "DD1E4FBBDF4FA000EDF2E286A05EA634208DB4377C6B455CD048AACE3C0B8023", "DDCF25AFD495DBD7D06398438314BF7845A2CEC74BFE45F295C9CE67BD318E39", "DEFBED52ABC2310EDCD812EAE7D66EFB050F845095358FC260D8C8294857312A", "E01AE27864F5D21E9DE4882755AFD601FD4EE9EEF1B77AD913AFA5BAC1F8BF77", "E24DA558C6C58E4DA05950B06D7C9C1BFB980CB0462AF1D70A81036D55BCE675", "E28F9F6C9E7CA32A9CB4C9083104160A9FFAE5054315A1257B99E6F712F98C5F", "E2B86254D720126A86E0D868B69F73304F67BBA828605033D214DA145B7078F4", "E362EBCBEB18984C3F95A2E9B16F0D6BCB101E27F50F764417CF1574FE5064FC", "E37521CF9AEA15A506E74C8F2964CA01FD757349E010363B351F3F67EF6EC858", "E477BE4D73F72972D5ED04AE1F52E86348D8674550100046AC9C2F465DC3514C", "E4D141B28A85CF2CA4B4DC137792F694466AF269104F4B47920196950492F3CE", "E619F0B12EAE67CCCEC5CE0326BC6EB363C3E94F87723AB21878B776DD8B0317", "E643425D7938402C778E161E848033FFD16F90BB75AD7E88227977F59105471B", "E677723D81339CA25FE5CB670D8786FB1ABB44D538C8C5D7C05E9A9FAE453FF7", "E7149BAF851D59CC1321847C1DFE489BA8DA0AFE249FC533BE963E8C4AD7DE4E", "E8347ACAF81B4BEE7BCA21CC0C47E2063445B19E9FA4E4431CEF5FAB5FF7AE86", "E888E5EBE83D27A538FE4C5957DF731881D9808C40870DA1BFEB861547852D38", "E976E5758209A8AAC453A889E38AB09038103FF18FD79D09A6274289D2CD1C31", "E985F7DD50D9D8A298856E2C1DDC013C56A405C6DA86C2ECE58AB850F0AC19BE", "E9CDD69A151880279AA5C5E27039A10306BBC1E05EF41BEE24FB52ADDD64851C", "EB600CE5395CD89BA24F74E48B91CAA92CF18E64A90B1514E5930A42BF80F58A", "EBBA69401956060B98C4FDDE1CDAAA10D09B28A527F8C5C2F8D2998B16B675C4", "EC5CD916ADD0F8360EEC8B3E8408BE984222D573F002264AFCEFE8F737929419", "ED45B3D03432EA991E20FCFB7B9FD0CD25D3E1B834197F239D900E5975F863A2", "ED5493758E1BB2264B2528B7BFDF7459C01FEC351EDA1D8EA5F345B3F0121AD0", "EDC8FA617866F99772D842D31A33C6C6C4A0DDAD538375D9285202B64BACC05D", "EE6EFFD8E6A7D3AA032A7AB72AB7630EDD8444681F9729BDF2C014CB0210A741", "EE8D3A0FEFA67706787A5BC66641D09B2650AEC307F61637154D7B7341BF2EB2", "EF0B8ABDDF0182AD0AB63DBD4F3EA0B3769B57CF195F94A299C8DFE53DDE410A", "F03FB50DDB13A9CC53CE5198B9C5207C578A0E1AF3DC8ABBE4C0CB13C149FA21", "F0F6B314EFF00F10A24D71AC701C8D020FAE17292397195CFCABDAC91A29CD99", "F171D1A128ED9F033A8E4EB7F107F3B0F58ABA4074ACD771E59F004AAC676A0A", "F1B3634B8733584864D98B4C436B7290E24275D03ABB8EEFDD4B8AA27AF04574", "F2BB0ADE3C17787F821488B844543E7219EE78ADC5A165D5F1605D11934F00E3", "F2C0FD9B6F69E9045C9C79CC5F846E47457E4B2414EED330DCE2A52BEF475BF0", "F34B5F292CB847FA020D7DE6B1D106C2936615E0FDD5B4DA8BCD5F33FFC8563D", "F377DF4D5AC9CB427BA3320F84A8C72B6AAAF416F9D328B27A64447BFD6CF455", "F3F782D7C52FB7EDB2E3360618EA58B1F3470CCF5FC14BCA7DB46A5535A7293A", "F4188E3B827097B5726FE571691C7D8BDE2707668C61436452DE873879AB6FA6", "F446D51FEDB5F73A9E36B63022054DF779601A61DC5ACAF68409ABEF3181D253", "F4847255965F55D08BC65DB484BB5478FE0295780316FC596076589BA3B93D64", "F4CA880341B94608CA96ABB2752E8B1E313AAF497D8551E7FBFF02076E793142", "F506FF540835CEFD27133D3CB3A0A3BA032DD083A74134905F9B468ADF436E2F", "F60A6F1D4C05ED43B8F365B3AEAA19D12DF97A65E78C228FD344899E49AEEE00", "F62579C3E4B81795A8D4360950F9C77324C86A556B4A449844FC0EA46C4967E8", "F6F3C8627D41385A1039F7AF0FB7D45F6A6CA11B68B47B32B99C3A48154AA997", "F7CFF765DD44AF112B428A21101BB56DAA4C74B46BAB3908CD6DC291CDBDCB3E", "FA2C72E4AFA3A62959089AF8C9092C1A2A774A232D182E26C4A2231071F1A932", "FABCEEE5B42810F7F58BD1AE35E9269CF73FDE1B795432FF4E88BFDBFFC41988", "FB14AAD69AFCBE5F3ECAD3CB731D6D0654F28E9886622716D7B202ED45C197DC", "FBA41B1026AF476134163409FA0342AF1D82FB96D8B3BF1226A867A803C6EED6", "FCE07050809EDF0FDD5519879C9E4BCB128AC13A84C2716F0B87AC89A1907CD6", "FE28B8898498A227E2220C2F9647F725699EEA511DFACC3A1387E05664F8B1CE"]}, {"type": "mageia", "idList": ["MGASA-2021-0168"]}, {"type": "nessus", "idList": ["FEDORA_2020-CF8EF2F333.NASL", "OPENSUSE-2020-851.NASL", "ORACLE_GOLDENGATE_CPU_OCT_2021.NASL", "ORACLE_RDBMS_CPU_JUL_2021.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2022.NASL", "UBUNTU_USN-6117-1.NASL", "WEBSPHERE_6201862.NASL", "WEBSPHERE_6209099.NASL", "WEBSPHERE_6220296.NASL", "WEBSPHERE_6250059.NASL", "WEBSPHERE_6255074.NASL", "WEBSPHERE_6322683.NASL", "WEBSPHERE_6328895.NASL", "WEBSPHERE_6334311.NASL", "WEBSPHERE_CVE-2019-4720.NASL", "WEBSPHERE_CVE-2020-4276.NASL", "WEBSPHERE_CVE-2020-4362.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310853223"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021", "ORACLE:CPUJAN2021", "ORACLE:CPUJAN2022", "ORACLE:CPUJUL2021", "ORACLE:CPUOCT2021", "ORACLE:CPUOCT2022"]}, {"type": "osv", "idList": ["OSV:GHSA-CMX4-P4V5-HMR5"]}, {"type": "redhat", "idList": ["RHSA-2020:0556", "RHSA-2020:2054", "RHSA-2020:4960", "RHSA-2020:4961", "RHSA-2020:5568"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-17566"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0851-1", "OPENSUSE-SU-2020:1043-1"]}, {"type": "ubuntu", "idList": ["USN-6117-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-17566"]}, {"type": "veracode", "idList": ["VERACODE:25693"]}, {"type": "zdi", "idList": ["ZDI-20-690", "ZDI-20-878"]}]}, "score": {"value": 0.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2019-4720"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-17566"]}, {"type": "fedora", "idList": ["FEDORA:0D7F230979AB", "FEDORA:1364530979AB", "FEDORA:2BD533098BA0", "FEDORA:49205309799A", "FEDORA:61A713098ED5", "FEDORA:7A1EA3098BA2", "FEDORA:85B0430979AB", "FEDORA:94A8C309799A", "FEDORA:9F2FE3098B94", "FEDORA:AF19730979AB", "FEDORA:BACE03098BA0", "FEDORA:C6AD93098B94", "FEDORA:D4B143098BA2", "FEDORA:E0E2C3098BA0", "FEDORA:EDF1E309799A"]}, {"type": "github", "idList": ["GHSA-CMX4-P4V5-HMR5"]}, {"type": "githubexploit", "idList": ["91A6DEF1-A9B3-5679-A098-B3DDA3AB5069"]}, {"type": "ibm", "idList": ["09C6ACF80628EF8C73E427E1D21F5A5A497D751BEB43E7A41354136EC7AE4215", "280F22C59D289D09BF95C27BCBD4E75FDD23E4CB97EDC3D26F891DF09095112C", "43889098AF27B56E1AAC2C0ADC87D15751A2B0CCE3BF25260E32BBE3CCA7CE93", "80F63C4DBA4692F1399B8419C02ECEE29E4B32D85EDDE77D136EB81CBB859B9C", "CE7B09FDAB4AD52C4D2DF48D876D11F77AB8D075D2126DF86BCFAB3FD1F6D522", "D0E9A6FEA2999AD188DFACA4CDB52E09ADE22AA518CBD8BB87F91A5E6058C8B4", "DEFBED52ABC2310EDCD812EAE7D66EFB050F845095358FC260D8C8294857312A", "ED45B3D03432EA991E20FCFB7B9FD0CD25D3E1B834197F239D900E5975F863A2"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/IBM-WAS-CVE-2020-4329/"]}, {"type": "nessus", "idList": ["WEBSPHERE_6220296.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310853223"]}, {"type": "redhat", "idList": ["RHSA-2020:0556"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-17566"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0851-1"]}, {"type": "symantec", "idList": ["SMNTC-111284"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-17566"]}, {"type": "zdi", "idList": ["ZDI-20-690"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "tivoli monitoring", "version": 6}, {"name": "tivoli monitoring", "version": 6}, {"name": "tivoli monitoring", "version": 6}, {"name": "tivoli monitoring", "version": 6}, {"name": "tivoli monitoring", "version": 6}, {"name": "tivoli monitoring", "version": 6}]}, "epss": [{"cve": "CVE-2019-17566", "epss": 0.00172, "percentile": 0.52795, "modified": "2023-05-03"}, {"cve": "CVE-2019-4720", "epss": 0.00128, "percentile": 0.46062, "modified": "2023-05-03"}, {"cve": "CVE-2020-4276", "epss": 0.00093, "percentile": 0.38401, "modified": "2023-05-03"}, {"cve": "CVE-2020-4329", "epss": 0.00076, "percentile": 0.30941, "modified": "2023-05-03"}, {"cve": "CVE-2020-4362", "epss": 0.00093, "percentile": 0.38401, "modified": "2023-05-03"}, {"cve": "CVE-2020-4365", "epss": 0.00076, "percentile": 0.30941, "modified": "2023-05-03"}, {"cve": "CVE-2020-4449", "epss": 0.00376, "percentile": 0.68705, "modified": "2023-05-03"}, {"cve": "CVE-2020-4464", "epss": 0.01224, "percentile": 0.83299, "modified": "2023-05-03"}, {"cve": "CVE-2020-4534", "epss": 0.00042, "percentile": 0.05655, "modified": "2023-05-03"}, {"cve": "CVE-2020-4578", "epss": 0.0005, "percentile": 0.17213, "modified": "2023-05-03"}, {"cve": "CVE-2020-4643", "epss": 0.00124, "percentile": 0.45413, "modified": "2023-05-03"}], "vulnersScore": 0.9}, "_state": {"dependencies": 1685996887, "score": 1685987183, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "67aaf9ce90de2f6b5767ae56429aad07"}, "affectedSoftware": [{"version": "6.3.0.2", "operator": "eq", "name": "tivoli monitoring"}, {"version": "6.3.0.3", "operator": "eq", "name": "tivoli monitoring"}, {"version": "6.3.0.4", "operator": "eq", "name": "tivoli monitoring"}, {"version": "6.3.0.5", "operator": "eq", "name": "tivoli monitoring"}, {"version": "6.3.0.6", "operator": "eq", "name": "tivoli monitoring"}, {"version": "6.3.0.7", "operator": "eq", "name": "tivoli monitoring"}]}

{"ibm": [{"lastseen": "2023-02-27T21:45:55", "description": "## Summary\n\nThere are multiple vulnerabilities that affect IBM WebSphere Application Server shipped with IBM StoredIQ for Legal. These have been addressed in Fix Pack 2.0.3.13 of StoredIQ for Legal.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4163](<https://vulners.com/cve/CVE-2020-4163>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174397](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174397>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-4782](<https://vulners.com/cve/CVE-2020-4782>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189213](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189213>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4534](<https://vulners.com/cve/CVE-2020-4534>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182808](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182808>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4450](<https://vulners.com/cve/CVE-2020-4450>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181231](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181231>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4362](<https://vulners.com/cve/CVE-2020-4362>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178929>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4589](<https://vulners.com/cve/CVE-2020-4589>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184585](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184585>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4276](<https://vulners.com/cve/CVE-2020-4276>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175984>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-10086](<https://vulners.com/cve/CVE-2019-10086>) \n** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-4449](<https://vulners.com/cve/CVE-2020-4449>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4365](<https://vulners.com/cve/CVE-2020-4365>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-17566](<https://vulners.com/cve/CVE-2019-17566>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183402](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183402>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-4643](<https://vulners.com/cve/CVE-2020-4643>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185590](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185590>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-4670](<https://vulners.com/cve/CVE-2019-4670>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nStoredIQ for Legal| 2.0.3 \n \n\n\n## Remediation/Fixes\n\nApply fix pack 2.0.3.13 that is available from Fix Central <https://www.ibm.com/support/fixcentral/>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-04T09:24:28", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM StoredIQ for Legal", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10086", "CVE-2019-17566", "CVE-2019-4670", "CVE-2019-4720", "CVE-2020-4163", "CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4362", "CVE-2020-4365", "CVE-2020-4449", "CVE-2020-4450", "CVE-2020-4534", "CVE-2020-4589", "CVE-2020-4643", "CVE-2020-4782"], "modified": "2021-03-04T09:24:28", "id": "126E1024546918D07264839DD88F2FF75D58789A0F611D0689966886112B533B", "href": "https://www.ibm.com/support/pages/node/6422665", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:51:44", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Federated Identity Manager| All \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s)| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Federated Identity Manager. ALL versions| WAS is vulnerable to a DOS \nWAS traditional versions 9.0, 8.5, 8.0 and 7.0 \nWAS liberty| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service(CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service\\(CVE-2019-4720\\)\" ) \nIBM Tivoli Federated Identity Manager. ALL versions | \n\nWAS 9.0, 8.5, 8.0 and 7.0\n\n| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to command execution vulnerability(CVE-2020-4163) \n](<https://www.ibm.com/support/pages/node/1288786> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" )[ \n](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS traditional versions 9.0, 8.5, 8.0 and 7.0\n\n| \n\n[Security Bulletin: IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability \\(CVE-2020-4276\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS traditional versions 9.0, 8.5, 8.0 and 7.0\n\n| \n\n[Security Bulletin: WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability(CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability\\(CVE-2020-4362\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS traditional versions 9.0, 8.5\n\n| \n\n[Security Bulletin:WebSphere Application Server traditional is vulnerable to a Remote Command Execution vulnerability.(CVE-2020-4450)](<https://www.ibm.com/support/pages/node/6220294> \"Security Bulletin:WebSphere Application Server traditional is vulnerable to a Remote Command Execution vulnerability.\\(CVE-2020-4450\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS ND traditional 8.5 and 9.0\n\nWebSphere Virtual Enterprise Edition V7.0 and V8.0\n\n| \n\n[Security Bulletin:Remote code execution vulnerability in WebSphere Application Server ND(CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Security Bulletin:Remote code execution vulnerability in WebSphere Application Server ND\\(CVE-2020-4448\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS 9.0, 8.5, 8.0 and 7.0\n\nWAS liberty\n\n| \n\n[Security Bulletin:Information disclosure in WebSphere Application Server(CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin:Information disclosure in WebSphere Application Server\\(CVE-2020-4329\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS traditional 7.0, 8.0, 8.5 and 9.0\n\n| \n\n[Security Bulletin:WebSphere Application Server traditional is vulnerable to a Information Disclosure vulnerability(CVE-2020-4449)](<https://www.ibm.com/support/pages/node/6220296> \"Security Bulletin:WebSphere Application Server traditional is vulnerable to a Information Disclosure vulnerability\\(CVE-2020-4449\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS traditional version 8.5\n\n| \n\n[Security Bulletin:WebSphere Application Server traditional is vulnerable to a server-side request forgery vulnerability(CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin:WebSphere Application Server traditional is vulnerable to a server-side request forgery vulnerability\\(CVE-2020-4365\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-25T23:55:00", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720", "CVE-2020-4163", "CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4362", "CVE-2020-4365", "CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450"], "modified": "2020-08-25T23:55:00", "id": "DD1E4FBBDF4FA000EDF2E286A05EA634208DB4377C6B455CD048AACE3C0B8023", "href": "https://www.ibm.com/support/pages/node/6322705", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:55:29", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS have been published in multiple security bulletins. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Rational ClearQuest | 8.0.0 \nIBM Rational ClearQuest | 8.0.1 \nIBM Rational ClearQuest | 9.0 \nIBM Rational ClearQuest | 9.0.1 \nIBM Rational ClearQuest | 9.0.2 \n \n## Remediation/Fixes\n\nRefer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is used by IBM Rational ClearQuest. \n\n**Principal Product and Version(s)** | **Affected Supporting Product and Version** | **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearQuest, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x | IBM WebSphere Application Server versions 7.0, 8.0, 8.5 and 9.0. | \n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" )\n\n[Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n**ClearQuest Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x | Apply the appropriate IBM WebSphere Application Server fix (see bulletin link above) directly to your CM server host. No ClearQuest-specific steps are necessary. \n \n_For 8.0.x, 7.0.x, 7.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-25T04:34:43", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2020-4276, CVE-2020-4362, CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4362"], "modified": "2020-05-25T04:34:43", "id": "9597A8DA413DEA047F25252B086CCCDA7543FCBC7042D730228D872AF048DEA1", "href": "https://www.ibm.com/support/pages/node/6216024", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:50:53", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerabilities have been identified in WebSphere Application Server and the information about their fixes are published in security bulletins. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4449](<https://vulners.com/cve/CVE-2020-4449>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4365](<https://vulners.com/cve/CVE-2020-4365>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-4276](<https://vulners.com/cve/CVE-2020-4276>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175984>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-4670](<https://vulners.com/cve/CVE-2019-4670>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4448](<https://vulners.com/cve/CVE-2020-4448>) \n** DESCRIPTION: **IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181228](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181228>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4362](<https://vulners.com/cve/CVE-2020-4362>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178929>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4450](<https://vulners.com/cve/CVE-2020-4450>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181231](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181231>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-10086](<https://vulners.com/cve/CVE-2019-10086>) \n** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCloud Orchestrator| 2.5.0.10 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to manually upgrade to the appropriate WebSphere Application Server Interim Fix on IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5.0.10. \n\nConsult the following WebSphere Application Server security bulletins for the vulnerability details and information about their fixes:\n\n * [Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)](<https://www.ibm.com/support/pages/node/6220296> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" )\n * [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450)](<https://www.ibm.com/support/pages/node/6220294> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4450\\)\" )\n * [Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console (CVE-2019-4670) ](<https://www.ibm.com/support/pages/node/1289152> \"Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console \\(CVE-2019-4670\\)\" )\n * [Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" )\n * [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n * [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" )\n * [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" )\n * [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" )\n * [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-16T09:19:38", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10086", "CVE-2019-4670", "CVE-2019-4720", "CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4362", "CVE-2020-4365", "CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450"], "modified": "2020-09-16T09:19:38", "id": "86BC382413D13FEC49BBCF5FC0129F8B83C058E0C0CDD0CFC599911E284C4FA7", "href": "https://www.ibm.com/support/pages/node/6333467", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:54:38", "description": "## Summary\n\nIn the WebSphere Application Server Admin console, where the Rational Asset Manager is deployed, vulnerabilities such as privilege escalation, denial of service, command execution, code execution and Information Disclosure are observed. Information about these security vulnerability affecting WebSphere Application Server is published in the respective security bulletins.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Rational Asset Manager 7.5 .1, 7.5.2.x, 7.5.3.x, and 7.5.4.x.\n\nNOTE: Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS). **Affected Supporting Product** | **Affected Supporting Product Security Bulletin** \n---|--- \nIBM WebSphere Application Server Version 7.0, 8.0, 8.5, and 9.0. | [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-denial-service-cve-2019-4720> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/security-bulletin-privilege-escalation-vulnerability-websphere-application-server-cve-2020-4276> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \n[Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability (CVE-2020-4163)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-command-execution-vulnerability-cve-2020-4163> \"Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability \\(CVE-2020-4163\\)\" ) \n[Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-information-exposure-vulnerability-cve-2020-4449> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" ) \n[Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/security-bulletin-remote-code-execution-vulnerability-websphere-application-server-nd-cve-2020-4448> \"Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" ) \n[Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/security-bulletin-information-disclosure-websphere-application-server-cve-2020-4329> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-20T06:09:39", "type": "ibm", "title": "Security Bulletin: Security vulnerability is identified in the WebSphere Application Server where the Rational Asset Manager is deployed", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720", "CVE-2020-4163", "CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4448", "CVE-2020-4449"], "modified": "2020-06-20T06:09:39", "id": "929D837DD9C3EA90C20AF84418A0A2BB1D61BFBA6F69A8B90EB5479898403F5C", "href": "https://www.ibm.com/support/pages/node/6236710", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:50:28", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerabilities have been identified in WebSphere Application Server and the information about their fixes are published in security bulletins. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4589](<https://vulners.com/cve/CVE-2020-4589>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184585](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184585>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4534](<https://vulners.com/cve/CVE-2020-4534>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182808](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182808>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4575](<https://vulners.com/cve/CVE-2020-4575>) \n** DESCRIPTION: **IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184363](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184363>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-4643](<https://vulners.com/cve/CVE-2020-4643>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185590](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185590>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4578](<https://vulners.com/cve/CVE-2020-4578>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184433](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184433>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-17566](<https://vulners.com/cve/CVE-2019-17566>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183402](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183402>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCloud Orchestrator| 2.5.0.10 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to manually upgrade to the appropriate WebSphere Application Server Interim Fix on IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5.0.10. \n\nConsult the following WebSphere Application Server security bulletins for the vulnerability details and information about their fixes:\n\n[Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643)](<https://www.ibm.com/support/pages/node/6334311> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4643\\)\" )\n\n[Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575)](<https://www.ibm.com/support/pages/node/6323293> \"Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting \\(CVE-2020-4575\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534)](<https://www.ibm.com/support/pages/node/6255074> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4534\\)\" )\n\n[Security Bulletin: WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578)](<https://www.ibm.com/support/pages/node/6328895> \"Security Bulletin: WebSphere Application Server Admin Console is vulnerable to cross-site scripting \\(CVE-2020-4578\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589)](<https://www.ibm.com/support/pages/node/6258333> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4589\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-29T09:51:50", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566", "CVE-2020-4534", "CVE-2020-4575", "CVE-2020-4578", "CVE-2020-4589", "CVE-2020-4643"], "modified": "2020-09-29T09:51:50", "id": "B9609A42BFED86C36189258C748597C29F9D824D3DD52ECECFEEA902FDA884B1", "href": "https://www.ibm.com/support/pages/node/6339089", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:55:14", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty that affect IBM Engineering Products based on IBM Jazz technology. \n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCLM| 6.0.6.1 \nCLM| 6.0.6 \nCLM| 6.0.2 \nELM| 7.0 \nRhapsody DM| 6.0.6 \nRhapsody DM| 6.0.6.1 \nRhapsody DM| 6.0.2 \nRDM| 7.0 \nDNG| 6.0.6 \nDNG| 6.0.6.1 \nDNG| 6.0.2 \nDOORS Next| 7.0 \nRTC| 6.0.2 \nRTC| 6.0.6.1 \nEWM| 7.0 \nRTC| 6.0.6 \nRQM| 6.0.6.1 \nRQM| 6.0.6 \nETM| 7.0.0 \nRQM| 6.0.2 \n \n\n\n## Remediation/Fixes\n\nThe IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version, some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published. \n\nFor ELM applications version 6.0 to 7.0 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:\n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" )\n\n[Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" )\n\n[Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2020-4421)](<https://www.ibm.com/support/pages/node/6205926> \"Security Bulletin: Potential spoofing attack in WebSphere Application Server \\(CVE-2020-4421\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-01T21:25:46", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affects IBM Engineering ELM products on IBM Jazz technology.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329", "CVE-2020-4362", "CVE-2020-4365", "CVE-2020-4421"], "modified": "2020-06-01T21:25:46", "id": "D00CE0285A4F7F2D040FEB9E42204B251DB78A299D7FFC4E7348291016376C6E", "href": "https://www.ibm.com/support/pages/node/6218416", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:48:51", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Federated Identity Manager| All \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s)| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Federated Identity Manager. ALL versions| \nWAS traditional versions 9.0, 8.5, 8.0 and 7.0 \n \n| [Security Bulletin: WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability(CVE-2019-4589)](<https://www.ibm.com/support/pages/node/6258333> \"Security Bulletin: WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability\\(CVE-2019-4589\\)\" ) \nIBM Tivoli Federated Identity Manager. ALL versions| WAS traditional versions 9.0, 8.5, 8.0 and 7.0 | \n\n[Security Bulletin: WebSphere Application Server is vulnerable to command execution vulnerability(CVE-2020-4534) \n](<https://www.ibm.com/support/pages/node/6255074> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote command execution \\(CVE-2020-4534\\)\" )[ \n](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions| \n\nWAS traditional versions 9.0, 8.5, 8.0 and 7.0\n\n| \n\n[Security Bulletin: WebSphere Application Server traditional is vulnerable to a command execution vulnerability(CVE-2020-4464) \n](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server traditional is vulnerable to a command execution vulnerability\\(CVE-2020-4464\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-17T21:42:37", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4589", "CVE-2020-4449", "CVE-2020-4464", "CVE-2020-4534"], "modified": "2020-11-17T21:42:37", "id": "1BFA2107A83F5EBB50F2D9856A4BF86EC74B8639416128FD821C1E4667C6C885", "href": "https://www.ibm.com/support/pages/node/6369307", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:50:09", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with Tivoli Access Manager for e-business. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)\n\n| \n\nVersion(s) \n \n---|--- \n \nIBM Tivoli Access Manager for e-business\n\n| \n\n6.1.1.x \n \nIBM Tivoli Access Manager for e-business\n\n| \n\n6.1.x \n \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Versions| Affected Supporting Product and Versions| Affected Supporting Product Security Bulletins \n---|---|--- \nIBM Tivoli Access Manager for e-business 6.1.x, 6.1.1.x| IBM WebSphere Application Server 7.0, 8.0| [Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575)](<https://www.ibm.com/support/pages/node/6323293> \"Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting \\(CVE-2020-4575\\)\" )\n\n[Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589)](<https://www.ibm.com/support/pages/node/6258333> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4589\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534)](<https://www.ibm.com/support/pages/node/6255074> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4534\\)\" )\n\n[Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" )\n\n[Security Bulletin: WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578)](<https://www.ibm.com/support/pages/node/6328895> \"Security Bulletin: WebSphere Application Server Admin Console is vulnerable to cross-site scripting \\(CVE-2020-4578\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-remote-code-execution-vulnerability-cve-2020-4450> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4450\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4576)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-information-disclosure-vulnerability-cve-2020-4576-0> \"Security Bulletin: WebSphere Application Server is vulnerable to an information disclosure vulnerability \\(CVE-2020-4576\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-information-exposure-vulnerability-cve-2020-4643> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4643\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4629)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-information-disclosure-vulnerability-cve-2020-4629> \"Security Bulletin: WebSphere Application Server is vulnerable to an information disclosure vulnerability \\(CVE-2020-4629\\)\" )\n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/security-bulletin-privilege-escalation-vulnerability-websphere-application-server-cve-2020-4362> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-07T21:32:45", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Tivoli Access Manager for e-business", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566", "CVE-2020-4362", "CVE-2020-4448", "CVE-2020-4450", "CVE-2020-4464", "CVE-2020-4534", "CVE-2020-4575", "CVE-2020-4576", "CVE-2020-4578", "CVE-2020-4589", "CVE-2020-4629", "CVE-2020-4643"], "modified": "2020-10-07T21:32:45", "id": "476B017015C7BC4F8F39C2B41A3D687C1FD9E58B44A524C0A4CF05B7ED875145", "href": "https://www.ibm.com/support/pages/node/6344091", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:52:41", "description": "## Summary\n\nIn the WebSphere Application Server (WAS) admin console where the Rational Asset Manager (RAM) is deployed, the command execution and privilege escaltion vulnerabilites are observed. Information about these security vulnerabilities affecting WebSphere Application Server are published in the respective security bulletins. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Rational Asset Manager 7.5 .1, 7.5.2.x, 7.5.3.x, and 7.5.4.\n\nNOTE: Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS). **Affected Supporting Product** | **Affected Supporting Product Security Bulletin** \n---|--- \nIBM WebSphere Application Server Version 7.0, 8.0, 8.5, and 9.0. | [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-remote-code-execution-vulnerability-cve-2020-4464> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/security-bulletin-privilege-escalation-vulnerability-websphere-application-server-cve-2020-4362> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-27T15:00:13", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities are identified in WebSphere Application Server where Rational Asset Manager is deployed (CVE-2020-4464 and CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362", "CVE-2020-4464"], "modified": "2020-07-27T15:00:13", "id": "C271913B2440899C08A55447029AB1A0AC6DCE6638B3B42E74B54F5FFEB8E397", "href": "https://www.ibm.com/support/pages/node/6253259", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T17:44:27", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli System Automation Application Manager| 4.1 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with IBM Tivoli System Automation Application Manager. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli System Automation Application Manager 4.1| WebSphere Application Server 8.5| \n\n# [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-24T22:19:08", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276", "CVE-2020-4362"], "modified": "2020-07-24T22:19:08", "id": "E37521CF9AEA15A506E74C8F2964CA01FD757349E010363B351F3F67EF6EC858", "href": "https://www.ibm.com/support/pages/node/6202743", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:07", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped with IBM Security Identity Manager (ISIM). Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM| 6.0.0 \nISIM| 6.0.2 \n \n\n\n## Remediation/Fixes\n\n## \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s)| Affected Supporting Product Security Bulletin \n---|---|--- \nISIM 6.0.0 | WAS 7.0, 8.0, 8.5| \n\n# [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n# [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \nISIM 6.0.2| WAS 9 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-27T08:13:15", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276", "CVE-2020-4362"], "modified": "2020-04-27T08:13:15", "id": "C0C0BE37703E3B923259F980A7F946DB540E263A82DF998A29998BA1DE07B6F2", "href": "https://www.ibm.com/support/pages/node/6201447", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:52:36", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped with IBM Security Identity Manager (ISIM). Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM| 6.0.0 \nISIM| 6.0.2 \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s)| Affected Supporting Product Security Bulletin \n---|---|--- \nISIM 6.0.0 | WAS 7.0, 8.5| \n\n# \n\n# [Security Bulletin: Remote Code Execution Vulnerability in WebSphere Application Server (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n# \n \nISIM 6.0.2| WAS 9.0.5 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-29T00:11:06", "type": "ibm", "title": "Security Bulletin: Security vulnerabilty have been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager( CVE-2020-4464 )", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276", "CVE-2020-4464"], "modified": "2020-07-29T00:11:06", "id": "C240BBFDC8BC9CE0EAAFF7EBDB320E1A1CAE89E9A580402A7B118BEAD23A73D4", "href": "https://www.ibm.com/support/pages/node/6254017", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:52:31", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nWebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * 9.0\n * 8.5\n * 8.0 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534)](<https://www.ibm.com/support/pages/node/6255074> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-03T16:35:51", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to a remote code execution vulnerability (CVE-2020-4534)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464", "CVE-2020-4534"], "modified": "2020-08-03T16:35:51", "id": "A9DBFF863A6956B8DCA6D07F7B3E49FD83B3B78BAB81E574B7DE5914E7A805BA", "href": "https://www.ibm.com/support/pages/node/6255634", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:50:39", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about security vulnerabilities affecting WebSphere Application Server have been published in security bulletins.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version(s)** \n \n---|--- \n \nWebSphere Service Registry and Repository V8.5\n\n| \n\nWebSphere Application Server V8.5.5 \n \nWebSphere Service Registry and Repository V8.0\n\n| \n\nWebSphere Application Server V8.0 \n \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes: \n\n * [Security Bulletin: WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578)](<https://www.ibm.com/support/pages/node/6328895> \"Security Bulletin: WebSphere Application Server Admin Console is vulnerable to cross-site scripting \\(CVE-2020-4578\\)\" )\n * [Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-information-exposure-vulnerability-cve-2020-4643> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4643\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-24T18:32:03", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2020-4578 and CVE-2020-4643)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4578", "CVE-2020-4643"], "modified": "2020-09-24T18:32:03", "id": "7023115A94233B703D854D5CB3F1A621249C76ECD01307D191788B785D46A701", "href": "https://www.ibm.com/support/pages/node/6336923", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:48:28", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in security bulletins. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Federated Identity Manager| All \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Versions| Affected Supporting Product and versions| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Federated Identity Manager 6.2.x| IBM WebSphere Application Server 7.0, 8.0, 8.5| [WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578)](<https://www.ibm.com/support/pages/node/6328895> \"WebSphere Application Server Admin Console is vulnerable to cross-site scripting \\(CVE-2020-4578\\)\" ) \nIBM Tivoli Federated Identity Manager 6.2.x| IBM WebSphere Application Server 7.0, 8.0, 8.5| [WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643)](<https://www.ibm.com/support/pages/node/6334311> \"WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4643\\)\" ) \nIBM Tivoli Federated Identity Manager 6.2.x| IBM WebSphere Application Server 7.0, 8.0, 8.5| [WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4629)](<https://www.ibm.com/support/pages/node/6339255> \"WebSphere Application Server is vulnerable to an information disclosure vulnerability \\(CVE-2020-4629\\)\" ) \nIBM Tivoli Federated Identity Manager 6.2.x| IBM WebSphere Application Server 7.0, 8.0, 8.5| [WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4576)](<https://www.ibm.com/support/pages/node/6339807> \"WebSphere Application Server is vulnerable to an information disclosure vulnerability \\(CVE-2020-4576\\)\" ) \nIBM Tivoli Federated Identity Manager 6.2.x| IBM WebSphere Application Server 7.0, 8.0, 8.5| [Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-09T16:14:35", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566", "CVE-2020-4576", "CVE-2020-4578", "CVE-2020-4629", "CVE-2020-4643"], "modified": "2020-12-09T16:14:35", "id": "9770323F532BB10EA2CF6AA35FD83A103279F223480B36A5D157CEB2FDA4B9D8", "href": "https://www.ibm.com/support/pages/node/6380352", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:52:06", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty that affect IBM Engineering Products based on IBM Jazz technology. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRQM| 6.0.6.1 \nRQM| 6.0.6 \nETM| 7.0.0 \nRQM| 6.0.2 \nRhapsody DM| 6.0.6 \nRhapsody DM| 6.0.6.1 \nRhapsody DM| 6.0.2 \nRDM| 7.0 \nRTC| 6.0.2 \nRTC| 6.0.6.1 \nEWM| 7.0 \nRTC| 6.0.6 \n \n\n\n## Remediation/Fixes\n\nThe IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version, some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published. \n\nFor ELM applications version 6.0 to 7.0 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450)](<https://www.ibm.com/support/pages/node/6220294> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4450\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)](<https://www.ibm.com/support/pages/node/6220296> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" )\n\n[Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059>)\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534)](<https://www.ibm.com/support/pages/node/6255074>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-12T14:03:54", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM WebSphere Appilcation Server and WebSphere Application Server Liberty affects IBM Engineering ELM products on IBM Jazz technology.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450", "CVE-2020-4464", "CVE-2020-4534"], "modified": "2020-08-12T14:03:54", "id": "97CDC805F58A9B1C47D1FD84E32A701014B49D66DDD17B2EC600FE00B246D4A3", "href": "https://www.ibm.com/support/pages/node/6258269", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:52:31", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS have been published in multiple security bulletins. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Rational ClearQuest| 8.0.0 \nIBM Rational ClearQuest| 8.0.1 \nIBM Rational ClearQuest| 9.0 \nIBM Rational ClearQuest| 9.0.1 \nIBM Rational ClearQuest| 9.0.2 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is used by IBM Rational ClearQuest. \n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearQuest, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x| IBM WebSphere Application Server versions 7.0, 8.0, 8.5 and 9.0.| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450)](<https://www.ibm.com/support/pages/node/6220294> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4450\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)](<https://www.ibm.com/support/pages/node/6220296> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" )\n\n[Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534)](<https://www.ibm.com/support/pages/node/6255074> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4534\\)\" ) \n \n**ClearQuest Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x| Apply the appropriate IBM WebSphere Application Server fix (see bulletin link above) directly to your CM server host. No ClearQuest-specific steps are necessary. \n \n_For 8.0.x, 7.0.x, 7.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-03T09:37:19", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450", "CVE-2020-4464", "CVE-2020-4534"], "modified": "2020-08-03T09:37:19", "id": "20275B53B0179711A539FCD72C61DE61752A9F0A0950F1CD32E564B47C4B4B5D", "href": "https://www.ibm.com/support/pages/node/6255594", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:51:25", "description": "## Summary\n\nIBM Security Identity Manager Virtual Appliance (ISIM VA) has addressed the following vulnerabilities due to remote attacker being able to execute arbitrary code , obtain sensitive informstion , and denial of service.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4464](<https://vulners.com/cve/CVE-2020-4464>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-4441](<https://vulners.com/cve/CVE-2019-4441>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163177](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163177>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM VA| 7.0.2 \nISIM VA| 7.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRMF**| **Remediation** \n---|---|--- \n \nIBM Security Identity Manager Virtual Appliance\n\n| \n\n7.0.2\n\n| \n\n[7.0.2-ISS-SIM-FP0002](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.2-ISS-SIM-FP0002&source=SARASA> \"7.0.2-ISS-SIM-FP0002\" ) \n \nIBM Security Identity Manager Virtual Appliance\n\n| \n\n7.0.1\n\n| \n\n[7.0.1-ISS-SIM-FP0014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.1-ISS-SIM-FP0014&source=SAR> \"7.0.1-ISS-SIM-FP0014\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-31T17:25:23", "type": "ibm", "title": "Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4441", "CVE-2019-4720", "CVE-2020-4464"], "modified": "2020-08-31T17:25:23", "id": "DEFBED52ABC2310EDCD812EAE7D66EFB050F845095358FC260D8C8294857312A", "href": "https://www.ibm.com/support/pages/node/6324783", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:52:00", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Rational ClearCase| 8.0.0 \n---|--- \nIBM Rational ClearCase| 9.0 \nIBM Rational ClearCase| 9.0.1 \nIBM Rational ClearCase| 9.0.2 \nIBM Rational ClearCase| 8.0.1 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS) which is shipped with IBM Rational ClearCase. \n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearCase, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x| IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0.| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534)](<https://www.ibm.com/support/pages/node/6255074> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4534\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589)](<https://www.ibm.com/support/pages/node/6258333> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4589\\)\" ) \n \n**ClearCase Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x| \n\n 1. Determine the WAS version used by your CCRC WAN server. Navigate to the CCRC profile directory (either the profile you specified when installing ClearCase, or `<ccase-home>/common/ccrcprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section. Check your installed version of IBM WebSphere Application Server against this bulletin's list of vulnerable versions.\n 2. Identify the latest available fixes (per the bulletin(s) listed above) for the version of WAS used for CCRC WAN server.\n 3. Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. \n \n_For 8.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-17T18:56:13", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2020-4464, CVE-2020-4534, CVE-2020-4589)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464", "CVE-2020-4534", "CVE-2020-4589"], "modified": "2020-08-17T18:56:13", "id": "35F499D41BB18E1C19E15CD058395BEBCD0F4434ACF6B50613E044055AF257B7", "href": "https://www.ibm.com/support/pages/node/6260987", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:50:39", "description": "## Summary\n\nIn the WebSphere Application Server (WAS) admin console where the Rational Asset Manager (RAM) is deployed, security vulnerabilites are observed. Information about these security vulnerabilities affecting WebSphere Application Server are published in the respective security bulletins. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Rational Asset Manager 7.5 .1, 7.5.2.x, 7.5.3.x, and 7.5.4.\n\nNOTE: Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS).\n\n** Affected Supporting Product**| ** Affected Supporting Product Security Bulletin** \n---|--- \nIBM WebSphere Application Server Version 7.0, 8.0, 8.5, and 9.0.| [Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-nd-vulnerable-cross-site-scripting-cve-2020-4575> \"Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting \\(CVE-2020-4575\\)\" ) \n[Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643)](<https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-information-exposure-vulnerability-cve-2020-4643> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4643\\)\" ) \n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-remote-code-execution-vulnerability-cve-2020-4589> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4589\\)\" ) \n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-remote-code-execution-vulnerability-cve-2020-4534-0> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4534\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-25T08:01:51", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities are identified in WebSphere Application Server where Rational Asset Manager is deployed", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4534", "CVE-2020-4575", "CVE-2020-4589", "CVE-2020-4643"], "modified": "2020-09-25T08:01:51", "id": "287AD0D0843E0A093F40000F5A7ED8E60D44041219321351A7CEA518DDFDBB95", "href": "https://www.ibm.com/support/pages/node/6337451", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:49:44", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Vulnerabilities have been identified in WebSphere Application Server and the information about their fixes are published in security bulletins. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Maximo APM - Predictive Maintenance Insights On-Premises| All \n---|--- \nIBM Predictive Maintenance and Quality| All \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to manually upgrade to the appropriate WebSphere Application Server Interim Fix on IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. \n\nConsult the following WebSphere Application Server security bulletins for the vulnerability details and information about their fixes:\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589)](<https://www.ibm.com/support/pages/node/6258333> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4589\\)\" )\n\n[Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643)](<https://www.ibm.com/support/pages/node/6334311> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4643\\)\" )\n\n[Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575)](<https://www.ibm.com/support/pages/node/6323293> \"Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting \\(CVE-2020-4575\\)\" )\n\n[Security Bulletin: WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578)](<https://www.ibm.com/support/pages/node/6328895> \"Security Bulletin: WebSphere Application Server Admin Console is vulnerable to cross-site scripting \\(CVE-2020-4578\\)\" )\n\n[Security Bulletin: Denial of service vulnerability in WebSphere Application Server Liberty (CVE-2020-4590)](<https://www.ibm.com/support/pages/node/6333623> \"Security Bulletin: Denial of service vulnerability in WebSphere Application Server Liberty \\(CVE-2020-4590\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4576)](<https://www.ibm.com/support/pages/node/6339807> \"Security Bulletin: WebSphere Application Server is vulnerable to an information disclosure vulnerability \\(CVE-2020-4576\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4629)](<https://www.ibm.com/support/pages/node/6339255> \"Security Bulletin: WebSphere Application Server is vulnerable to an information disclosure vulnerability \\(CVE-2020-4629\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-19T15:09:06", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities in WebSphere Application Server affect Predictive Maintenance and Quality and Predictive Maintenance Insights", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566", "CVE-2020-4575", "CVE-2020-4576", "CVE-2020-4578", "CVE-2020-4589", "CVE-2020-4590", "CVE-2020-4629", "CVE-2020-4643"], "modified": "2020-10-19T15:09:06", "id": "0BDDBA484F3367829DBE683BE155B8F63CE6E7CF5747401F154DB308D91D8FD4", "href": "https://www.ibm.com/support/pages/node/6349573", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:55:57", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WebSphere Remote Server - Product Family| 8.5 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n\n**Principal Product and Version(s)**| \n\n**Affected Supporting Product and Version**\n\n| **Affected Supporting Product Security Bulletin** \n---|---|--- \nWebSphere Remote Server 8.5| \n\nWebSphere Application Server 8.5\n\n| [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-18T22:19:29", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-18T22:19:29", "id": "976F919FC290A9CF04D278802234E03FE2D845802AC74A80B70EA7452D3CBBA2", "href": "https://www.ibm.com/support/pages/node/6210534", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:54:50", "description": "## Summary\n\nWebSphere Application Server is vulnerable to a server-side request forgery vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4365](<https://vulners.com/cve/CVE-2020-4365>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect the following versions and releases of IBM WebSphere Application Server in IBM Cloud:\n\n * Version 8.5\n \n\n\n## Remediation/Fixes\n\nTo patch an existing service instance, refer to the IBM WebSphere Application Server bulletin listed below: \n\n * [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\nPlease see [ Updating your environment](<https://cloud.ibm.com/docs/services/ApplicationServeronCloud?topic=wasaas-updating-your-environment>) in the KnowlegeCenter for information on applying service. \n\nAlternatively, delete the vulnerable service instance and create a new instance.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-16T14:52:40", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-06-16T14:52:40", "id": "6558AFEB72F9052A7DDC452902F768EE59867F40CAC6B3E8ADA809260B835C7C", "href": "https://www.ibm.com/support/pages/node/6233330", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:48", "description": "## Summary\n\nIBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.2.0 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.2.0| [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability\" )\n\nSee section: **For V8.5.0.0 through 8.5.5.17:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-24T12:27:23", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4365"], "modified": "2020-08-24T12:27:23", "id": "B4FE1B26E5C26CDC219CEB5E6DB28E0AF62C714D0BDFC3E7626485AFD5DD33E9", "href": "https://www.ibm.com/support/pages/node/6320861", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:55:13", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS have been published in multiple security bulletins. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Rational ClearQuest | 8.0.1 \nIBM Rational ClearQuest | 9.0.2 \nIBM Rational ClearQuest | 8.0.0 \nIBM Rational ClearQuest | 9.0 \nIBM Rational ClearQuest | 9.0.1 \n \n## Remediation/Fixes\n\nRefer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is used by IBM Rational ClearQuest. \n\n**Principal Product and Version(s)** | **Affected Supporting Product and Version** | **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearQuest, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x | IBM WebSphere Application Server versions 8.5 | \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) \n \n**ClearQuest Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x | Apply the appropriate IBM WebSphere Application Server fix (see bulletin link above) directly to your CM server host. No ClearQuest-specific steps are necessary. \n \n_For 8.0.x, 7.0.x, 7.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-03T04:32:45", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-06-03T04:32:45", "id": "8B09AD4AC24D6E8E14D92335F42541805069E1DAE6D86CD1B6260B5FE019BA73", "href": "https://www.ibm.com/support/pages/node/6219242", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:42", "description": "## Summary\n\nIBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.2| [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability\" )\n\nSee section: **For V8.5.0.0 through 8.5.5.17:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-26T14:55:04", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4365"], "modified": "2020-08-26T14:55:04", "id": "D3880C7852DB9EFFBB3B76955322352B435D1896CD07A0825E679BDC935BB4D1", "href": "https://www.ibm.com/support/pages/node/6323251", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:49:56", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version** \n---|--- \nIBM Operations Analytics Predictive Insights v1.3.3| Websphere Application Server 8.5 \nIBM Operations Analytics Predictive Insights v1.3.5| Websphere Application Server 8.5 \nIBM Operations Analytics Predictive Insights v1.3.6| Websphere Application Server 8.5 \n \n## Remediation/Fixes\n\nMore information and recommended solutions are disclosed with the security bulletin: [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-server-side-request-forgery-vulnerability-cve-2020-4365> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-10-12T18:18:22", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-10-12T18:18:22", "id": "5A5125925EBA02E1F8D635FF8A050A4D44668622DA9EECE18E8D3B2742917CD2", "href": "https://www.ibm.com/support/pages/node/6324263", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:48", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.1| [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability\" )\n\nSee section: **For V8.5.0.0 through 8.5.5.17:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-24T12:29:03", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4365"], "modified": "2020-08-24T12:29:03", "id": "95A0331F3BEA1EBD0D529E31AA0CFF972F79A25ADF9D95A777B7B0FA5EA42E51", "href": "https://www.ibm.com/support/pages/node/6320863", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:55:23", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.2.1 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-28T20:50:54", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-28T20:50:54", "id": "D9DD7B1E68819557246CE052C2A1D441B9E54DC8325262221F36E256E53A425B", "href": "https://www.ibm.com/support/pages/node/6211875", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:54:33", "description": "## Summary\n\nWebsphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPredictive Customer Intelligence versions 1.0, 1.0.1, 1.1, 1.1.1\n\n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1| Websphere Application Server 8.5.5| [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) \nPredictive Customer Intelligence 1.1 and 1.1.1| Websphere Application Server 8.5.5.6| [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-23T20:14:20", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-06-23T20:14:20", "id": "6AEFF4A1E2CE43A6C28306F76FC53576CD3450EAD0A3066EC2E34BFAACC1BE07", "href": "https://www.ibm.com/support/pages/node/6237866", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:52:41", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. Information about security vulnerabilities affecting WebSphere Application Server \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version(s) \n---|--- \nIBM Cloud Pak for Applications, all versions | \n\nWebSphere Application Server:\n\n * 8.5 \n \n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-27T15:08:17", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with IBM Cloud Pak for Applications is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-07-27T15:08:17", "id": "26289C49F8A28DA67CE8E88E0B6A5EF7DA86BB2689654E94DAF730B00BC2CF30", "href": "https://www.ibm.com/support/pages/node/6253271", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:38", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nWebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * 8.5 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-14T19:03:39", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-14T19:03:39", "id": "1253187CB975635D45D54CED51835E24ED8D38334E8F956710D4AF60E30CCE34", "href": "https://www.ibm.com/support/pages/node/6209317", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:55:38", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version(s)** \n---|--- \nWebSphere Service Registry and Repository 8.5| WebSphere Application Server 8.5.5 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes: \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-server-side-request-forgery-vulnerability-cve-2020-4365> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-19T16:34:44", "type": "ibm", "title": "Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-19T16:34:44", "id": "BF65060D894F88440887145F957785E7DC97CFCE4B58544406F33D1BDDF7F3DC", "href": "https://www.ibm.com/support/pages/node/6211860", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:39", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1, 8.2.2\n\n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1| IBM WebSphere Application Server 7.0, 8.5| [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.2| IBM WebSphere Application Server 8.5| [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-14T16:45:13", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-14T16:45:13", "id": "A8FA0CA82D0B99F83999500658131D63342A6D01F0626378469C4233C286CA4C", "href": "https://www.ibm.com/support/pages/node/6209266", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:39", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-server-side-request-forgery-vulnerability-cve-2020-4365> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) vulnerability details and information about fixes. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-14T13:55:02", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-14T13:55:02", "id": "3FB4899A3FB4C7FAB480D72B8D89C0F7ADBEBEFD1C82260C0DDD1186FCFD1DB8", "href": "https://www.ibm.com/support/pages/node/6209226", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:55:17", "description": "## Summary\n\nWebSphere Application Server is vulnerable to a server-side request forgery vulnerability. This has been addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-4365](<https://vulners.com/cve/CVE-2020-4365>) \n**DESCRIPTION: **IBM WebSphere Application Server is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nWebSphere Application Server | 8.5 \n \n## Remediation/Fixes\n\n**For WebSphere Application Server and WebSphere Application Server Hypervisor Edition:**\n\n**For V8.5.0.0 through 8.5.5.17:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH23638](<https://www.ibm.com/support/pages/node/6209067> \"PH23638\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.18 or later (targeted availability 3Q2020). \n\n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-29T13:48:25", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-29T13:48:25", "id": "C2F6F5506480CB85A6DB6F096B7B7E562DE0419E55AED7EE6FAA08C1F5DCFB05", "href": "https://www.ibm.com/support/pages/node/6209099", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:55:34", "description": "## Summary\n\nIBM WebSphere\u00ae Application Server is shipped with IBM\u00ae Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere\u00ae Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM\u00ae Intelligent Operations Center V1.5.0, V1.5.0.1, V1.5.0.2, V1.6.0, V1.6.0.1, V1.6.0.2, V1.6.0.3| IBM WebSphere\u00ae Application Server V8.5 \nIBM\u00ae Intelligent Operations Center for Emergency Management V1.6| \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-21T08:56:05", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere\u00ae Application Server shipped with IBM\u00ae Intelligent Operations Center (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-21T08:56:05", "id": "74367E5FAA9153FBB3294400EDD4E66E3FC454449E232848EB9B92B9E9B4CE23", "href": "https://www.ibm.com/support/pages/node/6212497", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:55:12", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nMaximo Asset Management 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6 \nMaximo for Oil and Gas 7.6 \nMaximo for Utilities 7.6 \nMaximo for Aviation 7.6 \nMaximo Linear Asset Manager 7.6 \nMaximo for Service Providers 7.6 \nMaximo Asset Health Insights 7.6 \nControl Desk 7.6\n\n| IBM WebSphere Application Server 9.0 \nIBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \n \n## Remediation/Fixes\n\n[WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-04T13:58:07", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-06-04T13:58:07", "id": "651519A7CF3934936F8772EF168CF781B5ECC7610377F209DF254077426D7CED", "href": "https://www.ibm.com/support/pages/node/6220232", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:52:56", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli System Automation Application Manager| 4.1 \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli System Automation Application Manager 4.1| WebSphere Application Server 8.5| \n\n# [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-24T22:19:08", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-07-24T22:19:08", "id": "D91D5DB5A40E711632B505AA5C086735FB04E313FC3A69BB0D647894D124C07B", "href": "https://www.ibm.com/support/pages/node/6217818", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-06-05T17:50:04", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| V19.0 \nV18.0 \nIBM Business Process Manager| V8.6 \nV8.5 \n \nNote that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.\n\n## Remediation/Fixes\n\nPlease consult the [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-14T15:28:14", "type": "ibm", "title": "Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2022-09-14T15:28:14", "id": "F7CFF765DD44AF112B428A21101BB56DAA4C74B46BAB3908CD6DC291CDBDCB3E", "href": "https://www.ibm.com/support/pages/node/6209667", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:31", "description": "## Summary\n\nIBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to a security vulnerability. IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service and a remote attacker could exploit this vulnerability to cause the server to consume all available memory. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Identity Governance and Intelligence| 5.2 \nIBM Security Identity Governance and Intelligence| 5.2.3 \nIBM Security Identity Governance and Intelligence| 5.2.4 \nIBM Security Identity Governance and Intelligence| 5.2.5 \nIBM Security Identity Governance and Intelligence| 5.2.6 \n \n \n\n\n## Remediation/Fixes\n\nProduct Name | VRMF| First Fix \n---|---|--- \nIGI| 5.2| [5.2.6.0-ISS-SIGI-FP0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.6.0&platform=All&function=all> \"5.2.6.0-ISS-SIGI-FP0001\" ) \nIGI| 5.2.3| [5.2.6.0-ISS-SIGI-FP0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.6.0&platform=All&function=all> \"5.2.6.0-ISS-SIGI-FP0001\" ) \nIGI| 5.2.4| [5.2.6.0-ISS-SIGI-FP0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.6.0&platform=All&function=all> \"5.2.6.0-ISS-SIGI-FP0001\" ) \nIGI| 5.2.5| [5.2.6.0-ISS-SIGI-FP0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.6.0&platform=All&function=all> \"5.2.6.0-ISS-SIGI-FP0001\" ) \nIGI| 5.2.6| [5.2.6.0-ISS-SIGI-FP0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.6.0&platform=All&function=all> \"5.2.6.0-ISS-SIGI-FP0001\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-27T08:15:41", "type": "ibm", "title": "Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-27T08:15:41", "id": "1D175F9C9806A85668A040BF3EFE408975FAD5D82ADCF7E6B3A57BDC6C5B6AE8", "href": "https://www.ibm.com/support/pages/node/6208322", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T17:40:29", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Liberty that is used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier versions. IBM Operations Analytics Predictive Insights has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| All \n \n\n\n## Remediation/Fixes\n\nApply 1.3.6 Interim Fix 2 or later \n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&amp;release=1.3.6 \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6>) \nNote that for versions earlier than 1.3.6, ONLY the UI component should be updated using this interim fix. Nothing else in the interim fix is relevant to this bulletin. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-16T13:59:51", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM WebSphere Liberty affects IBM Operations Analytics Predictive Insights (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-03-16T13:59:51", "id": "67146E2A524C8FB5A1DFD73F1DB4911AAB49B852B996D26C9FDC1C6AD38C7259", "href": "https://www.ibm.com/support/pages/node/5967735", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:41:45", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nMaximo Asset Management 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6 \nMaximo for Oil and Gas 7.6 \nMaximo for Utilities 7.6 \nMaximo for Aviation 7.6 \nMaximo Linear Asset Manager 7.6 \nMaximo for Service Providers 7.6 \nMaximo Asset Health Insights 7.6\n\n| IBM WebSphere Application Server 9.0 \nIBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \n \n## Remediation/Fixes\n\n# [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-23T20:39:17", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-07-23T20:39:17", "id": "61C3F15886364FC22D270B27228FD5FA37CCAE5CB24408C225EC21FF0A7ECDF1", "href": "https://www.ibm.com/support/pages/node/1568877", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:54:46", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Tivoli Business Service Manager 6.1.0 all Fixpacks \nIBM Tivoli Business Service Manager 6.1.1 all Fixpacks \nIBM Tivoli Business Service Manager 6.2.0.0 \u2013 6.2.0.2 Interim Fix 1\n\n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is shipped with IBM Tivoli Business Service Manager. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Business Service Manager 6.1.0 \nIBM Tivoli Business Service Manager 6.1.1| IBM WebSphere Application Server 7.0| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \nIBM Tivoli Business Service Manager 6.2.0| IBM WebSphere Application Server 8.5| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-19T05:46:52", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Business Service Manager (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-19T05:46:52", "id": "ED5493758E1BB2264B2528B7BFDF7459C01FEC351EDA1D8EA5F345B3F0121AD0", "href": "https://www.ibm.com/support/pages/node/6235666", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:52:05", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Network Manager versions 4.1.1 and 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.1.1 \nITNM| 3.9 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.1.1| [WebSphere Application Server is vulnerable to a denial of service](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service\" )\n\nSee section: **For V7.0.0.0 through 7.0.0.45:** \n \nITNM| 3.9| \n\n[WebSphere Application Server is vulnerable to a denial of service](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service\" )\n\nSee section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-13T10:24:09", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-4720"], "modified": "2020-08-13T10:24:09", "id": "264C02DB84560D43F15B55FC00827F64C8C799EB4813FAD5C111008C8E131691", "href": "https://www.ibm.com/support/pages/node/6259377", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-24T05:44:47", "description": "## Summary\n\nWebsphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPredictive Customer Intelligence versions 1.0, 1.0.1, 1.1, 1.1.1, 1.1.2\n\n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1| Websphere Application Server 8.5.5| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \nPredictive Customer Intelligence 1.1 and 1.1.1| Websphere Application Server 8.5.5.6| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \nPredictive Customer Intelligence 1.1.2| Websphere Application Server 9.0.0.4| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-18T15:37:43", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-02-18T15:37:43", "id": "F0F6B314EFF00F10A24D71AC701C8D020FAE17292397195CFCABDAC91A29CD99", "href": "https://www.ibm.com/support/pages/node/2861697", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:39", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Security Key Lifecycle Manager | 4.0 \n \n## Remediation/Fixes\n\nPlease consult the [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-denial-service-cve-2019-4720> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-08T21:52:07", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-08T21:52:07", "id": "F3F782D7C52FB7EDB2E3360618EA58B1F3470CCF5FC14BCA7DB46A5535A7293A", "href": "https://www.ibm.com/support/pages/node/6173643", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:14", "description": "## Summary\n\nVulnerability CVE-2019-4720 exists in IBM WebSphere Liberty Profile used by IBM Spectrum Symphony 7.3.0.1, 7.3, 7.2.1, 7.2.0.2 and 7.1.2, and IBM Platform Symphony 7.1.1. Interim fixes that provide instructions on upgrading the IBM WebSphere Liberty Profile package to version 20.0.0.3 are available on IBM Fix Central. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n_**Affected Products**_| _**Versions**_ \n---|--- \nIBM Spectrum Symphony| 7.3.0.1 \nIBM Spectrum Symphony| 7.3 \nIBM Spectrum Symphony| 7.2.1 \nIBM Spectrum Symphony| 7.2.0.2 \nIBM Spectrum Symphony| 7.1.2 \nIBM Platform Symphony| 7.1.1 \n \n\n\n## Remediation/Fixes\n\n_**Products**_| _**VRMF**_| _**APAR **_| _**Remediation/First Fix **_ \n---|---|---|--- \nIBM Spectrum Symphony| 7.3.0.1| P103512| [sym-7.3.0.1-build545449](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.0.1-build545449&includeSupersedes=0> \"sym-7.3.0.1-build545449\" ) \nIBM Spectrum Symphony| 7.3| P103511| [sym-7.3-build545448](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build545448&includeSupersedes=0> \"sym-7.3-build545448\" ) \nIBM Spectrum Symphony| 7.2.1| P103510| [sym-7.2.1-build545447](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build545447&includeSupersedes=0> \"sym-7.2.1-build545447\" ) \nIBM Spectrum Symphony| 7.2.0.2| P103509| [sym-7.2.0.2-build545446](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build545446&includeSupersedes=0> \"sym-7.2.0.2-build545446\" ) \nIBM Spectrum Symphony| 7.1.2| P103508| [sym-7.1.2-build545445](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.2-build545445&includeSupersedes=0> \"sym-7.1.2-build545445\" ) \nIBM Platform Symphony| 7.1.1| P103507| [sym-7.1.1-build545444](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.1-build545444&includeSupersedes=0> \"sym-7.1.1-build545444\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-22T06:52:59", "type": "ibm", "title": "Security Bulletin: Vulnerability in IBM WebSphere Liberty Profile affects IBM Spectrum Symphony and IBM Platform Symphony", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-22T06:52:59", "id": "D9E8D125D2A5D32BB22B755D0193D28F3F5DE0A694D5EF40ABD49E19443F4CBE", "href": "https://www.ibm.com/support/pages/node/6195842", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:16", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as component of IBM Cloud Pak System. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Affected Versions(s)**| **Affected Supporting Product and Version** \n---|--- \nIBM Cloud Pak System All releases| WebSphere Application Server: \n\n * Liberty\n * Version 9.0\n * Version 8.5 \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-07T13:14:44", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Application Server shipped as component of Cloud Pak System is vulnerable to a denial of service (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-07-07T13:14:44", "id": "6E15388FEC4AEF961ACD45CDEA784062121BF39A5E1909E3C780D0C5147A52E5", "href": "https://www.ibm.com/support/pages/node/6208265", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:44:18", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli System Automation Application Manager| 4.1 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with IBM Tivoli System Automation Application Manager. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli System Automation Application Manager 4.1| WebSphere Application Server 8.5| \n\n# [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-26T07:15:15", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-02-26T07:15:15", "id": "1A86238F7F143F1D2CDCAF13A7A5121E2734C20B015C44303B08AB3756ADAA1C", "href": "https://www.ibm.com/support/pages/node/3510741", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:47:00", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. This issue allows a remote attacker to cause a denial of service.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n**DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM License Metric Tool | All \n \n## Remediation/Fixes\n\nUpgrade to version 9.2.19 or later using the following procedure: \n\n * In BigFix console, expand IBM License Reporting (ILMT) node under Sites node in the tree panel.\n * Click Fixlets and Tasks node. Fixlets and Tasks panel will be displayed on the right.\n * In the Fixlets and Tasks panel locate _Upgrade to the latest version of IBM License Metric Tool __9.x _fixlet and run it against the computer that hosts your server.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-27T07:46:58", "type": "ibm", "title": "Security Bulletin: A security vulnerabilities has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 (CVE-2019-4720).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-03-27T07:46:58", "id": "72FDC7ACE37453A4C45D6056B76A38DAB964209EA3654296776CF200F9BBCFD0", "href": "https://www.ibm.com/support/pages/node/6123519", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:55:09", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version** \n---|--- \nWebGUI 8.1.0 GA and FP| Websphere Application Server 8.5 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-05T05:02:21", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-05T05:02:21", "id": "B7D7C09AA3957447FD5B3D3BD6AAD56CD3C7645746D04D52839C4B2817CED9A1", "href": "https://www.ibm.com/support/pages/node/6220408", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:43:58", "description": "## Summary\n\nThis security bulletin addresses the Denial of Service (DOS) vulnerability that has been found to impact Websphere Liberty in IBM Tivoli Application Dependency Discovery Manager.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n**DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager | 7.3.0 (7.3.0.3 - 7.3.0.7) \n \n## Remediation/Fixes\n\n**_Directions for interim efix application:_**\n\n * **For TADDM 7.3.0.5 and 7.3.0.6 environment:**\n\nCheck the websphere version installed using any of the below three commands:\n\n 1. $COLLATION_HOME/external/wlp/bin/server version\n 2. $COLLATION_HOME/external/wlp/bin/productInfo version\n 3. cd $COLLATION_HOME/external/wlp; cat README.TXT |head -1\n * If Websphere version output is \u201c8.5.5.8\u201d, then please first apply the efix of WebSphere 20.0.0.1 which was released earlier and can be found at below link:\n\n[https://www.ibm.com/support/pages/node/5693217](<https://www.ibm.com/support/pages/node/5693193>)\n\nThen proceed to apply the below interim efix efix_WLP_20001_InterimFix_FP7200218.zip of websphere.\n\n * If Websphere version output above is \u201c20.0.0.1\u201d then apply the interim efix efix_WLP_20001_InterimFix_FP7200218.zip directly.\n\n * **For TADDM 7.3.0.7 environment:**\n\nThe websphere version has been upgraded to 20.0.0.1 in 7.3.0.7 but as a precautionary measure, please check the version before application of any fixes. With version 20.0.0.1, the interim fix efix_WLP_20001_InterimFix_FP7200218.zip can be applied directly.\n\nThe interim efix details are as follows:\n\nFix | VRMF | APAR | How to acquire fix \n---|---|---|--- \n \nefix_WLP_20001_InterimFix_FP7200218.zip\n\n| 7.3.0.5 - 7.3.0.7 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=tUeuOXu7AZ3srGaop3dwIZ38LT43dQ2m3SooMX9NOL0> \"Download eFix\" ) \n \n**Note**: Before TADDM 7.3.0.5, Java 7 was used and the upgraded Liberty version 20.0.0.1 requires Java8. Hence, no eFix can be provided for versions before 7.3.0.5.\n\n## Workarounds and Mitigations\n\nFor customers on TADDM FixPack 3 or FixPack 4, recommendation is to upgrade to a later version and then follow the steps mentioned above.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-22T12:32:50", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to Denial of Service (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-10-22T12:32:50", "id": "104E5358C09C4A12262672713C06CC3321584D57C3884021EB6B32EED2C9E8BC", "href": "https://www.ibm.com/support/pages/node/6200504", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:12", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM OpenPages with Waston. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)** | ** ****Affected Supporting Product and Version** \n---|--- \nIBM OpenPages with Watson 8.1 | IBM WebSphere Application Server 9.0.0.10 \nIBM OpenPages GRC Platform 7.4/8.0 | IBM WebSphere Application Server 9.0.0.3 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [IBM WebSphere Application Server](<https://www.ibm.com/support/pages/node/1285372> \"IBM WebSphere Application Server\" ) for remediation details.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-04-23T04:01:54", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM OpenPages with Watson (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-23T04:01:54", "id": "932925E1037ED82721BC6DC142A9C2642FF0DE1519D1063C1E121B0FF0B92345", "href": "https://www.ibm.com/support/pages/node/6194769", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:55:23", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Key Lifecycle Manager| 4.0 \nIBM Security Key Lifecycle Manager| 3.0.1 \n \n## Remediation/Fixes\n\nPlease consult the following Security Bulletins:\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-denial-service-cve-2019-4720> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" )\n\nfor vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-28T20:47:55", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-28T20:47:55", "id": "583B4EC604B94C469C4DE44FF99FFC90AB1BE9C2A84ECBEDB90D7CDD5FE2E8CA", "href": "https://www.ibm.com/support/pages/node/6217187", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:59", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 3.9 &amp; 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server, has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.2.0.x \nITNM| 3.9 \nITNM| 4.1.1.x \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.2.0.x| Please refer to section \"**For V8.5.0.0 through 8.5.5.17:**\" of [WebSphere Application Server is vulnerable to a denial of service](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service\" ) \nITNM| 4.1.1.x| Please refer to section \"**For V7.0.0.0 through 7.0.0.45:**\" of [WebSphere Application Server is vulnerable to a denial of service](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service\" ) \nITNM| 3.9.x| Please refer to section \"**For V7.0.0.0 through 7.0.0.45:**\" of [WebSphere Application Server is vulnerable to a denial of service](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-04-30T15:34:47", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-30T15:34:47", "id": "44307B44119A69F2A7E2E3CC5B1FD7B80E121C1C95887759C5496379420C526E", "href": "https://www.ibm.com/support/pages/node/6204024", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-24T05:46:25", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Versions\n\n| Affected Supporting Product and Versions \n---|--- \n \nIBM Case Manager 5.1.1\n\nIBM Case Manager 5.2.0 \nIBM Case Manager 5.2.1 \nIBM Case Manager 5.3.0 \nIBM Case Manager 5.3.1 \nIBM Case Manager 5.3.2 \nIBM Case Manager 5.3.3\n\n| \n\nIBM WebSphere Application Server 7.0\n\nIBM WebSphere Application Server 8.0\n\nIBM WebSphere Application Server 8.5 \nIBM WebSphere Application Server 9.0 \n \n## Remediation/Fixes\n\nReview security bulletin [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-31T19:57:48", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-01-31T19:57:48", "id": "DB96F671D2C03801FFDB9E0404F5E6EB5CE8F28F9A4DF89501AEDFCF7E039266", "href": "https://www.ibm.com/support/pages/node/1288300", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:46:29", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nWebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * Liberty\n * Version 9.0\n * Version 8.5\n * Version 8.0 \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-30T22:05:17", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server bundled with IBM WebSphere Application Server Patterns is vulnerable to a denial of service (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-01-30T22:05:17", "id": "1789DD677115A931C8718DBD3105CB40D233231B07926E1BCDDA0E9CBB32C539", "href": "https://www.ibm.com/support/pages/node/1285492", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:55:15", "description": "## Summary\n\nIBM MobileFirst Platform Foundation has addressed the following vulnerability: WebSphere liberty is vulnerable to a DOS\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM MobileFirst Foundation| 8.0.0.0 - ICP, IKS or using the scripts (BYOL), OCP/ICPA \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM MobileFirst Platform Foundation| 8.0.0.0| Download the iFix from [IBM MobileFirst Platform Foundation on FixCentral](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+MobileFirst+Platform+Foundation&fixids=8.0.0.0-MFPF-IF202004271027&source=SAR> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-01T04:03:38", "type": "ibm", "title": "Security Bulletin: WebSphere liberty is vulnerable to a DOS (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-01T04:03:38", "id": "467CF97BCB360927DBFFE98B67B787639BE1F772AB145EC498B8B01C4AC15F2C", "href": "https://www.ibm.com/support/pages/node/6218304", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:51:13", "description": "## Summary\n\nNovalink uses WebSphere Application Server Liberty. There is a denial of service in high vulnerability in WebSphere Application Server Liberty. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNovaLink| 1.0.0.13 \nNovaLink| 1.0.0.15 \n \n## Remediation/Fixes\n\nThe recommended solution is to upgrade to Novalink version 1.0.0.16\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-07T12:35:07", "type": "ibm", "title": "Security Bulletin: Novalink is impacted by denial of service high vulnerability in WebSphere Application Server Liberty CVE-2019-4720", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-09-07T12:35:07", "id": "6C0B46071036140AA51372906322730888C9E7399B10A1E9F089A640862B19CC", "href": "https://www.ibm.com/support/pages/node/6327175", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:52", "description": "## Summary\n\nIBM WebSphere Application Server is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Products and Versions:\n\nAffected Product(s)\n\n| \n\nVersion(s) \n \n---|--- \n \nIBM Control Center\n\n| \n\n6.0.0.0 through 6.0.0.2 iFix08 \n \nIBM Control Center\n\n| \n\n6.1.0.0 through 6.1.2.1 iFix02 \n \n \n\n\n## Remediation/Fixes\n\nRemediation/Fixes: \n\nProduct\n\n| \n\nVRMF\n\n| \n\niFix\n\n| \n\nRemediation \n \n---|---|---|--- \n \nIBM Control Center\n\n| \n\n6.0.0.2\n\n| \n\niFix09\n\n| \n\n[Fix Central - 6.0.0.2](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.0.0.2&platform=All&function=all>) \n \nIBM Control Center\n\n| \n\n6.1.2.1\n\n| \n\niFix02\n\n| \n\n[Fix Central - 6.1.2.1](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.1.2.1&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-04T21:42:24", "type": "ibm", "title": "Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-04T21:42:24", "id": "ACBEAC66D4C77E6E0A8CA29C8E2103087D2D4C85F414F793D1FC336B951FB25C", "href": "https://www.ibm.com/support/pages/node/6205779", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:44:42", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0, 8.2.1, 8.2.2\n\n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0| IBM WebSphere Application Server 7.0| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1| IBM WebSphere Application Server 7.0, 8.5| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.2| IBM WebSphere Application Server 8.5| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-19T03:18:21", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-02-19T03:18:21", "id": "D48F5D967CAB789B94C7E1D084F92F01492F6ACFBE7DCFCADD9E3FE725B16F75", "href": "https://www.ibm.com/support/pages/node/2929815", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:03", "description": "## Summary\n\nWebSphere liberty is vulnerable to a DOS that is impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Knowledge Catalog for IBM Cloud Pak for Data| 2.5 \n \n\n\n## Remediation/Fixes\n\nInstall wkc-patch-3.0.0.5 for IBM Cloud Pak for Data. \n\nContact IBM support for more details.\n\n## Workarounds and Mitigations\n\nNone. WebSphere Liberty must be upgraded.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-28T19:42:34", "type": "ibm", "title": "Security Bulletin: Vulnerability in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-28T19:42:34", "id": "D5F5876D51E1333B156D6BAB7A3B9B711BB9B026AF79134525B9F927D3CE884B", "href": "https://www.ibm.com/support/pages/node/6202553", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:23", "description": "## Summary\n\nIBM Event Streams has addressed the following vulnerability\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Event Streams| 2019.2.1 \n \nIBM Event Streams in IBM Cloud Pak for Integration\n\n| \n\n2019.2.2 \n \nIBM Event Streams in IBM Cloud Pak for Integration\n\n| \n\n2019.2.3 \n \nIBM Event Streams\n\n| \n\n2019.4.1 \n \nIBM Event Streams in IBM Cloud Pak for Integration\n\n| 2019.4.1 \n \n## Remediation/Fixes\n\nUpgrade from IBM Event Streams 2019.2.1 to IBM Event Streams 2019.4.1 by downloading IBM Event Streams 2019.4.1 from [IBM Passport Advantage](<https://www.ibm.com/software/passportadvantage/pao_customer.html>).\n\nUpgrade from IBM Event Streams 2019.4.1 to the [latest Fix Pack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Event+Streams&release=2019.4.1&platform=All&function=fixId&fixids=*IBM-Event-Streams*>).\n\nUpgrade IBM Event Streams 2019.2.2, IBM Event Streams 2019.2.3 and IBM Event Streams 2019.4.1 in IBM Cloud Pak for Integration by downloading IBM Event Streams 2019.4.2 in IBM Cloud Pak for Integration 2020.2.1 from [IBM Passport Advantage](<https://www.ibm.com/software/passportadvantage/pao_customer.html>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-11T16:10:40", "type": "ibm", "title": "Security Bulletin: IBM Event Streams is affected by WebSphere Liberty Profile vulnerability CVE-2019-4720", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-11T16:10:40", "id": "036EA0A600E846F6A02DD17117A50C0F70F9BAD404250267597F62555F45EA04", "href": "https://www.ibm.com/support/pages/node/6205727", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:52:05", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1. Information about a security vulnerability affecting IBM WebSphere Application Server has beFor V7.0.0.0 through 7.0.0.45:en published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.1| [WebSphere Application Server is vulnerable to a denial of service](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service\" )\n\nSee section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-13T10:26:12", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-4720"], "modified": "2020-08-13T10:26:12", "id": "A19C7DB3D10F228B0E192F9FC45BA5C4EA1CC1B39C3D650FC46AC90A6A37E1CD", "href": "https://www.ibm.com/support/pages/node/6259379", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:44:14", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Application Server, used by IBM Spectrum Scale, which could allow a remote attacker to cause a denial of service.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nThe Elastic Storage Server 5.3.0 thru 5.3.5.2 \nThe Elastic Storage Server 5.0.0 thru 5.2.9 \nThe Elastic Storage Server 4.5.0 thru 4.6.0 \nThe Elastic Storage Server 4.0.0 thru 4.0.6\n\n \n \n\n\n## Remediation/Fixes\n\nFor IBM Elastic Storage Server V5.0.0 thru 5.3.5.2, apply V5.3.6 available from FixCentral at:\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&amp;release=5.3.0&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+%28ESS%29&release=5.3.0&platform=All&function=all>)\n\nFor IBM Elastic Storage Server V5.0.0 thru 5.2.9, apply V5.2.10 available from FixCentral at:\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&amp;release=5.2.0&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+%28ESS%29&release=5.2.0&platform=All&function=all>)\n\nIf you are unable to upgrade to ESS 5.3.6 or 5.2.10, contact IBM Service to obtain an efix:\n\n\\- For IBM Elastic Storage Server 5.3.0-5.3.5.2, reference APAR IJ24119 \n\\- For IBM Elastic Storage Server 5.0.0- 5.2.9, reference APAR IJ24099 \n\\- For IBM Elastic Storage Server 4.0.0 - 4.6.0, reference APAR IJ24099\n\nTo contact IBM Service, see <http://www.ibm.com/planetwide/>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-06T13:08:46", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-08-06T13:08:46", "id": "8C188C0D2A0502498EFDA98119EA020FAB6FAE0E7E28A0DEC0BD7B63D17039AB", "href": "https://www.ibm.com/support/pages/node/6192885", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:07", "description": "## Summary\n\nTXSeries for Multiplatforms has addressed the following vulnerability reported by IBM\u00ae WebSphere Application Server liberty \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM TXSeries for Multiplatforms| 9.1.0.0 - 9.1.0.1 \nIBM TXSeries for Multiplatforms| 8.2.0.0 - 8.2.0.2 \nIBM TXSeries for Multiplatforms| 8.1.0.0 - 8.1.0.2 \n \n\n\n## Remediation/Fixes\n\nProduct| Version| Defect| Remediation / First Fix \n---|---|---|--- \nIBM TXSeries for Multiplatforms v9.1| \n\n9.1.0.0\n\n9.1.0.1\n\n| 126164| [Fix Central Link](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_9.1_SpecialFix_032020&source=SAR>) \nIBM TXSeries for Multiplatforms v8.2| \n\n8.2.0.0\n\n8.2.0.1\n\n8.2.0.2\n\n| 126164| [Fix Central Link](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_8.2_SpecialFix_032020&source=SAR>) \nIBM TXSeries for Multiplatforms v8.1| \n\n8.1.0.0\n\n8.1.0.1\n\n8.1.0.2\n\n| 126164| [Fix Central Link](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_8.1_SpecialFix_032020&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-27T13:53:37", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server is vulnerable to a denial of service that affect TXSeries for Multiplatforms", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-27T13:53:37", "id": "6A6D3443974438B65979A6338422445099F3CA76DB149428DB7450AB644D4F69", "href": "https://www.ibm.com/support/pages/node/6201736", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:44:53", "description": "## Summary\n\nThere is a denial of service vulnerablility in WebSphere Application Server. \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n**DESCRIPTION: **IBM WebSphere Application Server is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nWebSphere Application Server | 9.0 \nWebSphere Application Server | 7.0 \nWebSphere Application Server | 8.0 \nWebSphere Application Server | 8.5 \nWebSphere Application Server Liberty | Continuous Delivery \n \n## Remediation/Fixes\n\nThe recommended solution is to apply the interim fix, Fix Pack or PTF containing the APAR for each named product as soon as practical. \n\n**For WebSphere Application Server Liberty:**\n\n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH19528](<https://www.ibm.com/support/pages/node/1284580> \"PH19528\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 20.0.0.2 or later (targeted availability 1Q2020).\n\n**For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:**\n\n**For V9.0.0.0 through 9.0.5.2:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH19528](<https://www.ibm.com/support/pages/node/1284580> \"PH19528\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.5.3 or later (targeted availability 1Q2020).\n\n**For V8.5.0.0 through 8.5.5.17:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH19528](<https://www.ibm.com/support/pages/node/1284580> \"PH19528\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.18 or later (targeted availability 3Q2020).\n\n**For V8.0.0.0 through 8.0.0.15:** \n\u00b7 Upgrade to 8.0.0.15 and then apply Interim Fix [PH19528](<https://www.ibm.com/support/pages/node/1284580> \"PH19528\" ) \n\n\n**For V7.0.0.0 through 7.0.0.45:** \n\u00b7 Upgrade to 7.0.0.45 and then apply Interim Fix [PH19528](<https://www.ibm.com/support/pages/node/1284580> \"PH19528\" ) \n\n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n_WebSphere Application Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. _\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-17T13:24:23", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-02-17T13:24:23", "id": "BFD3B2B780AE5E2B57758FF9D1854E539D0BDD7480D41CE99BA69E3C8264005C", "href": "https://www.ibm.com/support/pages/node/1285372", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:54", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Application Server, used by IBM Spectrum Scale, which could allow a remote attacker to cause a denial of service.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Spectrum Scale V5.0.0.0 through V5.0.4.3\n\nIBM Spectrum Scale V4.2.0.0 through V4.2.3.20\n\n## Remediation/Fixes\n\nFor IBM Spectrum Scale V5.0.0.0 thru 5.0.4.3, apply V5.0.4.4 available from FixCentral at:\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Spectrum+Scale&amp;release=5.0.4&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.4&platform=All&function=all>)\n\nFor IBM Spectrum Scale V4.2.0.0 thru V4.2.3.20, apply V4.2.3.21 available from FixCentral at:\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Spectrum+Scale&amp;release=4.2.3&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.2.3&platform=All&function=all> \"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.2.3&platform=All&function=all\" )\n\nIf you cannot apply the latest level of service, contact IBM Service for an efix:\n\n\\- For IBM Spectrum Scale V5.0.0.0 through V5.0.4.3, reference APAR ** IJ24119**\n\n\\- For IBM Spectrum Scale V4.2.0.0 through V4.2.3.20, reference APAR **IJ24099**\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-02T17:55:11", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-02T17:55:11", "id": "A3C55652F9A1A6B8950F7BED8B0E4416B16DE12D384B96E9E34E2D40FA65D07B", "href": "https://www.ibm.com/support/pages/node/6192879", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:42:39", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-denial-service-cve-2019-4720> \"WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-27T08:14:51", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-27T08:14:51", "id": "6FA137EFE432E9DB974E04AE47D6A29DE89F27AF0B1E37EBA756CFF32ADEDFD7", "href": "https://www.ibm.com/support/pages/node/1288102", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:13", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Elastic Storage System 3000, which could allow a remote attacker to cause a denial of service.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Elastic Storage System 3000| 6.0.0 through 6.0.0.1 \n \n## Remediation/Fixes\n\nFor IBM Elastic Storage System 3000 V6.0.0 thru 6.0.0.1, apply V6.0.0.2 available from FixCentral at:\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&amp;release=6.0.0&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+%28ESS%29&release=6.0.0&platform=All&function=all>)\n\nIf you are unable to upgrade to ESS 3000 V6.0.0.2, contact IBM Service to obtain an efix:\n\n\\- For IBM Elastic Storage System 6.0.0 - 6.0.0.1, reference APAR **IJ24119**\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-22T12:18:59", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage System 3000(CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-22T12:18:59", "id": "5D8C40983A1BCB78D36B7DF2374D6AE029F0F4282200D955A0BBA8DB40749562", "href": "https://www.ibm.com/support/pages/node/6192891", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:17", "description": "## Summary\n\nThere is a denial of server vulnerability in IBM WebSphere Liberty Profile used by IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0, IBM Spectrum Conductor 2.3.0, and IBM Spectrum Conductor with Spark 2.2.1. IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0, IBM Spectrum Conductor 2.3.0, and IBM Spectrum Conductor with Spark 2.2.1 have addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Spectrum Conductor| 2.2.1 \nIBM Spectrum Conductor| 2.4 \nIBM Spectrum Conductor| 2.4.1 \nIBM Spectrum Conductor| 2.3 \n \n\n\n## Remediation/Fixes\n\nProduct(s)| Version(s)| APAR| Remediation/Fixes \n---|---|---|--- \nIBM Spectrum Conductor with Spark| 2.2.1| None| [cws-2.2.1-build545141](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=cws-2.2.1-build545141&includeSupersedes=0> \"cws-2.2.1-build545141\" ) \nIBM Spectrum Conductor| 2.3.0| None| [sc-2.3-build545140](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.3-build545140&includeSupersedes=0> \"sc-2.3-build545140\" ) \nIBM Spectrum Conductor| 2.4.0| None| [sc-2.4-build545139](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.4-build545139&includeSupersedes=0> \"sc-2.4-build545139\" ) \nIBM Spectrum Conductor| 2.4.1| None| [sc-2.4.1-build545138](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.4.1-build545138&includeSupersedes=0> \"sc-2.4.1-build545138\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-20T07:17:35", "type": "ibm", "title": "Security Bulletin: A denial of service vulnerability in IBM WebSphere Liberty Profile affects IBM Spectrum Conductor and IBM Spectrum Conductor with Spark", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-20T07:17:35", "id": "3B6FFA1802620B3837E9241495B519A902FD546289DECADF7240559B78CE4CDA", "href": "https://www.ibm.com/support/pages/node/6195363", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:27", "description": "## Summary\n\nIBM WebSphere\u00ae Application Server is shipped with IBM\u00ae Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere\u00ae Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM\u00ae Intelligent Operations Center V1.5.0, V1.5.0.1, V1.5.0.2, V1.6.0, V1.6.0.1, V1.6.0.2, V1.6.0.3, V5.1.0, V5.1.0.1, V5.1.0.2, V5.1.0.3, V5.1.0.4, V5.1.0.5, V5.1.0.6, V5.1.0.7, V5.1.0.8, V5.1.0.9, V5.1.0.10, V5.1.0.11, V5.1.0.12, V5.1.0.13, V5.1.0.14, V5.2.0, and V5.2.1| IBM WebSphere\u00ae Application Server V7.0, V8.0, V8.5, V9.0, and Liberty \nIBM\u00ae Intelligent Operations Center for Emergency Management V1.6, V5.1.0, V5.1.0.1, V5.1.0.2, V5.1.0.3, V5.1.0.4, V5.1.0.5, and V5.1.0.6| \nIBM\u00ae Water Operations for Waternamics V5.1, V5.2.0, V5.2.0.1, V5.2.0.2, V5.2.0.3, V5.2.0.4, V5.2.0.5, V5.2.0.6, V5.2.1, and V5.2.1.1| \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-14T14:54:47", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere\u00ae Application Server shipped with IBM\u00ae Intelligent Operations Center (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-14T14:54:47", "id": "B7D99DF4C04CF5F3A2B3D2119C254ABE8CDD229DB7014A05C47081E83C530B8F", "href": "https://www.ibm.com/support/pages/node/6189699", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:28", "description": "## Summary\n\nIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM Performance Management has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud APM, Base Private| 8.1.4 \nIBM Cloud APM, Advanced Private| 8.1.4 \nIBM Cloud APM| 8.1.4 \n \n## Remediation/Fixes\n\nIBM Cloud Application Performance Management, Base Private \n \nIBM Cloud Application Performance Management, Advanced Private| 8.1.4| \n\nThe vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0010 or later server patch to the system where the Cloud APM server is installed: <https://www.ibm.com/support/pages/node/6120993>\n\nThe vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0008 or later Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/pages/node/6125031> \n \n---|---|--- \n \nIBM Cloud Application Performance Management\n\n| N/A| \n\nThe vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0008 or later Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/pages/node/6125031> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-14T11:54:02", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-14T11:54:02", "id": "AFDFD85F2CF1D11E09505DD0597E9BCE253A4C4F2F99EBAF3B1A1745134605D2", "href": "https://www.ibm.com/support/pages/node/6173931", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:47:29", "description": "## Summary\n\nIBM Cloud Transformation Advisor has addressed the following vulnerability. CVE-2019-4720\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Transformation Advisor| 2.0.2 \n \n\n\n## Remediation/Fixes\n\nUpgrade to 2.0.3 or later\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-19T19:17:02", "type": "ibm", "title": "Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-03-19T19:17:02", "id": "35A8B908BE6A907E21280C68DBD7C12DD15E7AF64D1204CD2C6EEC2776BC0030", "href": "https://www.ibm.com/support/pages/node/6100456", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T21:41:11", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Application Server that is used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier versions. This issue was addressed by IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| All \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-denial-service-cve-2019-4720> \"WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) for vulnerability details and information about fixes for WebSphere Application Server. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-16T14:00:20", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Operations Analytics Predictive Insights (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-03-16T14:00:20", "id": "DDCF25AFD495DBD7D06398438314BF7845A2CEC74BFE45F295C9CE67BD318E39", "href": "https://www.ibm.com/support/pages/node/5967729", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:52:18", "description": "## Summary\n\nIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for Email| 4.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.0, 4.0.1| Use Content Collector for Email 4.0.1.9 [Interim Fix IF006](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.9-IBM-ICC-IF006&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-06T15:58:44", "type": "ibm", "title": "Security Bulletin: Embedded WebSphere application server is vulnerable to a denial of service affect Content Collector for Email", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-08-06T15:58:44", "id": "0E954BE815796B26C7D4ABE2BCCC21DC5663BE0814B4E5F3C1EFE68319DD65E2", "href": "https://www.ibm.com/support/pages/node/6257105", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:54:19", "description": "## Summary\n\nIBM WebSphere Application Server used by Rational Asset Analyzer is vulnerable to a denial of service, caused by sending a specially-crafted request. .\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAsset Analyzer (RAA)| 6.1.0.0 - 6.1.0.23 \n \n\n\n## Remediation/Fixes\n\nRAA fixpack 23 refresh 1| [Windows](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=Windows&function=all> \"Windows\" ) \n---|--- \nRAA fixpack 23 refresh 1| [z/OS](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=z/OS&function=all> \"z/OS\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-30T19:19:49", "type": "ibm", "title": "Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in Websphere Application Server.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-30T19:19:49", "id": "A723DDE407BAD02EA174056C8472D7F717073A89A2422790546E09A7047E1824", "href": "https://www.ibm.com/support/pages/node/6242308", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:54:18", "description": "## Summary\n\nIBM WebSphere Application Server used by Rational Asset Analyzer is vulnerable to a denial of service, caused by sending a specially-crafted request. .\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nAsset Analyzer (RAA)| 6.1.0.0 - 6.1.0.23 \n \n\n\n## Remediation/Fixes\n\nRAA fixpack 23 refresh 1| [Windows](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=Windows&function=all> \"Windows\" ) \n---|--- \nRAA fixpack 23 refresh 1| [z/OS](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=z/OS&function=all> \"z/OS\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-30T20:09:05", "type": "ibm", "title": "Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in Websphere Application Server.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-30T20:09:05", "id": "92632CCF2E5D968091A91A66449BF402408AACCDD70624AA9ACC2E9C6CAE4822", "href": "https://www.ibm.com/support/pages/node/6242380", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:55:47", "description": "## Summary\n\nIBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.0 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.0\n * IBM Cloud Private 3.2.1\n\nFor IBM Cloud Private 3.2.0, apply March fix pack:\n\n * [IBM Cloud Private 3.2.0.2003](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private&fixids=icp-3.2.0.2003-build547200-36007&source=myna&myns=swgother&mynp=OCSSBS6K&mync=E&cm_sp=swgother-_-OCSSBS6K-_-E&function=fixId&parent=ibm/WebSphere> \"IBM Cloud Private 3.2.0.2003\" )\n\n \n\n\nFor IBM Cloud Private 3.2.1, apply March fix pack:\n\n * [IBM Cloud Private 3.2.1.2003](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private&fixids=icp-3.2.1.2003-build547202-36013&source=myna&myns=swgother&mynp=OCSSBS6K&mync=E&cm_sp=swgother-_-OCSSBS6K-_-E&function=fixId&parent=ibm/WebSphere> \"IBM Cloud Private 3.2.1.2003\" )\n\nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2:\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.1. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-10T17:47:50", "type": "ibm", "title": "Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-10T17:47:50", "id": "AF1E7C0E7AEB6A7745DD28859766C9018DBFD2ECD10FE9D39C7EEB35939A2141", "href": "https://www.ibm.com/support/pages/node/6208293", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:53:38", "description": "## Summary\n\nThere is a denial of service vulnerablility in WebSphere Application Server\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Common Reporting| 3.1.3 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n\n**Tivoli Common Reporting Release \n**| **Remediation** \n---|--- \n3.1.3| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-21T15:54:11", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Common Reporting: TCR, a part of IBM Jazz for Service Management (JazzSM) is vulnerable to a denial of service (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-07-21T15:54:11", "id": "D749198CFA398E3FE70DB177828133BCFDE49DD1D6A4B6CD094FCE9101F991A4", "href": "https://www.ibm.com/support/pages/node/6251241", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:37", "description": "## Summary\n\nWebSphere liberty is vulnerable to a DOS\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nICP - Compare &amp; Comply| All \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Compare and Comply for IBM Cloud Pak for Data 1.1.8. To download the software, go to Passport Advantage, then search for \"watson compare and comply for ICP for Data\", then select IBM Watson Compare and Comply for ICP for Data V1.1.8 Linux English , part number CC6J1EN.\n\n.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-14T17:49:48", "type": "ibm", "title": "Security Bulletin: Vulnerability in embedded IBM Websphere Application Server Liberty affects IBM Watson Compare and Comply for IBM Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-14T17:49:48", "id": "AE00FB59C4C5890B5FB641690EEA9F234AE860A6025824F78EBD0F309BF503F1", "href": "https://www.ibm.com/support/pages/node/6205963", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:38", "description": "## Summary\n\nThere are vulnerabilities in WebSphere liberty related to DOS used by IBM Streams. IBM Streams has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Streams| 4.1.1.x \nInfoSphere Streams| 4.2.1.x \nInfoSphere Streams| 4.3.1.x \n \n\n\n## Remediation/Fixes\n\nNOTE: Fix Packs are available on IBM Fix Central. \n\nTo remediate/fix this issue, follow the instructions below:\n\nVersion 4.3.x: Apply [ 4.3.0 Fix Pack 1 (4.3.1.2) or higher](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/InfoSphere+Streams&release=4.3.0.0&platform=All&function=all>) . \nVersion 4.2.x: Apply [4.2.1 Fix Pack 4 (4.2.1.10) or higher](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.2.1.0&platform=All&function=all>) . \nVersion 4.1.x: Apply [4.1.1 Fix Pack 6 (4.1.1.12) or higher](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.1.1.0&platform=All&function=all>) . \nVersions 4.0.x,3.2.x, 3.1.x, and 3.0.x: For versions earlier than 4.x.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-21T15:17:05", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in WebSphere liberty related to DOS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-21T15:17:05", "id": "D0E9A6FEA2999AD188DFACA4CDB52E09ADE22AA518CBD8BB87F91A5E6058C8B4", "href": "https://www.ibm.com/support/pages/node/6207088", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:44:10", "description": "## Summary\n\nThere is a denial of service vulnerablility in WebSphere Application Server. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nJazz for Service Management| 1.1.3 - 1.1.3.5 \n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nJazz for Service Management version 1.1.0 - 1.1.3.3 | \n\nWebsphere Application Server Full Profile 8.5.5\n\n| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \n## Workarounds and Mitigations\n\nPlease refer to WAS interim fix.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-28T01:20:13", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server is vulnerable to a denial of service shipped with Jazz for Service Management (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-02-28T01:20:13", "id": "FE28B8898498A227E2220C2F9647F725699EEA511DFACC3A1387E05664F8B1CE", "href": "https://www.ibm.com/support/pages/node/3653385", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-05T17:50:26", "description": "## Summary\n\nWebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server (since 8.5.6), and User Management Service (since 18.0.0.1) in IBM Business Automation Workflow and IBM Business Process Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional and IBM WebSphere Application Server Liberty have been published.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| V19.0 \nV18.0 \nIBM Business Process Manager| V8.6 \nV8.5 \nV8.0 \nWebSphere Enterprise Service Bus| V7.5 \nV7.0 \n \nFor earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.\n\nNote that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.\n\n## Remediation/Fixes\n\nPlease consult the security bulletin: [WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-14T15:02:20", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2022-09-14T15:02:20", "id": "F1B3634B8733584864D98B4C436B7290E24275D03ABB8EEFDD4B8AA27AF04574", "href": "https://www.ibm.com/support/pages/node/1488741", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-05T17:47:53", "description": "## Summary\n\nThere is a denial of service vulnerablility in WebSphere Application Server.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nLiberty for Java| 3.37 \n \n\n\n## Remediation/Fixes\n\nTo upgrade to Liberty for Java 3.42-20200311-1540 or higher, you must re-stage or re-push your application \n\nTo find the current version of Liberty for Java in IBM Cloud being used, from the command-line Cloud Foundry client by running the following commands:\n\ncf ssh &lt;appname&gt; -c cat \"staging_info.yml\"\n\nLook for the following lines:\n\n{\"detected_buildpack\":\"Liberty for Java(TM) (WAR, liberty-19.0.0_9, buildpack-v3.37-20191002-1726, ibmjdk-1.8.0_sr5fp41-20190919, env)\",\"start_command\":\".liberty/initial_startup.rb\"}\n\nTo re-stage your application using the command-line Cloud Foundry client, use the following command:\n\ncf restage &lt;appname&gt;\n\nTo re-push your application using the command-line Cloud Foundry client, use the following command:\n\ncf push &lt;appname&gt;\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-07T16:01:56", "type": "ibm", "title": "Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a denial of service (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2022-10-07T16:01:56", "id": "7F64ABD83A792D617A2AF9021224D3891ACD98806409091724BD7F4981A1DEB7", "href": "https://www.ibm.com/support/pages/node/5967987", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-05T18:01:23", "description": "## Summary\n\nDenial of service vulnerability in the Apache CXF library used in WebSphere Application Server Liberty Core affect CICS Transaction Gateway Web Service requests. CICS Transaction Gateway addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCICS Transaction Gateway| v9.1.0.0 - 9.1.0.3 \nCICS Transaction Gateway| V9.2.0.0 - 9.2.0.2 \n \n\n\n## Remediation/Fixes\n\nUpgrade the WebSphere Application Server Liberty Core used by CICS TG Gateway daemon. Updated WebSphere Application Server Liberty Core files used by Gateway daemon are made available on Fix Central.\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \nCICS Transaction Gateway for Multiplatforms| 9.2.0.0 \n9.2.0.1 \n9.2.0.2| PH24764| [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&amp;fixids=92-CICSTG-Liberty-PH24764&amp;source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=92-CICSTG-Liberty-PH24764&source=SAR>) \nCICS Transaction Gateway for Multiplatforms| 9.1.0.0 \n9.1.0.1 \n9.1.0.2 \n9.1.0.3| PH24764| [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&amp;fixids=91-CICSTG-Liberty-PH24764&amp;source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=91-CICSTG-Liberty-PH24764&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-09T16:57:12", "type": "ibm", "title": "Security Bulletin: Potential denial of service vulnerability in the Apache CXF library used in WebSphere Application Server Liberty Core affect CICS Transaction Gateway", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2021-12-09T16:57:12", "id": "4B9B5973ECB6BF9D964D666AB84A86D0BE4913C96B2CD56E503C78B2893FB8AA", "href": "https://www.ibm.com/support/pages/node/6202462", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:54:23", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Tivoli Netcool Impact. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool Impact 7.1.0| 7.1.0.0~7.1.0.18 \n \n \n\n\n## Remediation/Fixes\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM Tivoli Netcool Impact 7.1.0| _7.1.0.19_| _IJ24285_| [IBM Tivoli Netcool Impact 7.1.0 FP19](<https://www.ibm.com/support/pages/node/6210359> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-30T10:49:18", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-30T10:49:18", "id": "1C0D8FC2A9F7C68A34516E16D0E30997245D9487C0AA3C2F80109E35400A48A6", "href": "https://www.ibm.com/support/pages/node/6242158", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:46:30", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM WebSphere Remote Server - Product Family| 9.0, 8.5, 7.0 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n\nPrincipal Product and Version(s)\n\n| \n\nAffected Supporting Product and Version\n\n| \n\nAffected Supporting Product Security Bulletin \n \n---|---|--- \n \nWebSphere Remote Server \n9.0, 8.5, 7.0\n\n| \n\nWebSphere Application Server 9.0, 8.5, 8.0, 7.0\n\n| \n\n[WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-30T23:55:52", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-01-30T23:55:52", "id": "2A65FC125DA729940F7D04409677484F9FC90234EBEC407C2CC3CBD042F7D26C", "href": "https://www.ibm.com/support/pages/node/1285558", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-05T17:43:34", "description": "## Summary\n\nA WebSphere liberty vulnerability to a DOS has been fixed in Liberty 20.0.0.5. This fix is included in ICP Watson_Text_to_Speech, Speech to Text v1.1.2 (6/19/20). \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech to Text Customer Care| 1.0.1-1.1 \n \n\n\n## Remediation/Fixes\n\nA WebSphere liberty vulnerability to a DOS has been fixed in Liberty 20.0.0.5. This fix is included in ICP Watson_Text_to_Speech, Speech to Text v1.1.2 (6/19/20). Please download and install the latest version to receive this fix.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2023-01-12T21:59:00", "id": "92DDBBDC460D6543CB9BFE965F63EDA565CCD1EA4CB283723A921DEDE857ACC5", "href": "https://www.ibm.com/support/pages/node/6238342", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-05T17:41:53", "description": "## Summary\n\nIBM CICS TX on Cloud has addressed the following vulnerability reported by IBM\u00ae WebSphere Application Server Liberty \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX on Cloud| 10.1.0.0 \n \n\n\n## Remediation/Fixes\n\nProduct| Version| Defect| Remediation / First Fix \n---|---|---|--- \nIBM CICS TX on Cloud| 10.1.0.0| 126164| [Fix Central Link](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=IBM_CICSTX_on_Cloud_SpecialFIX_032020&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T20:49:24", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server is vulnerable to a denial of service that affect IBM CICS TX on Cloud", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2023-02-14T20:49:24", "id": "0676DC64D9FAAA5543CCE97F95B289A6DF997F20DD2C5C84724916098603BA58", "href": "https://www.ibm.com/support/pages/node/6201681", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:48:42", "description": "## Summary\n\nApache Batik is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.2| \n\n[Vulnerability in Apache Batik affects WebSphere Application Server](<https://www.ibm.com/support/pages/node/6322683> \"Vulnerability in Apache Batik affects WebSphere Application Server\" )\n\n \nSee section: For V8.5.0.0 through 8.5.5.17: \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-11-27T09:05:31", "type": "ibm", "title": "Security Bulletin: A vulnerability has been identified in Apache Batik, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-17566"], "modified": "2020-11-27T09:05:31", "id": "6FC3A70E69693A6A15050339D9B2368FE0F69A247562F6FDA33037FBACD59417", "href": "https://www.ibm.com/support/pages/node/6373232", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:51:15", "description": "## Summary\n\nWebsphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPredictive Customer Intelligence versions 1.0, 1.0.1, 1.1, 1.1.1, 1.1.2\n\n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1| Websphere Application Server 8.5.5| [Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683>) \nPredictive Customer Intelligence 1.1 and 1.1.1| Websphere Application Server 8.5.5.6| [Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683>) \nPredictive Customer Intelligence 1.1.2| Websphere Application Server 9.0.0.4| [Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683>) \n \n## \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-04T14:44:11", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability in Websphere Application Server Affects Predictive Customer Intelligence (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-09-04T14:44:11", "id": "C95C9771121CCE6842ACFEDC26BFC21B9739D3FC215633C459D55FD458440B00", "href": "https://www.ibm.com/support/pages/node/6326889", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:51:41", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.3CD \nIBM Case Manager| 5.2.1 \nIBM Case Manager| 5.2.0 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-26T19:45:02", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-08-26T19:45:02", "id": "E9CDD69A151880279AA5C5E27039A10306BBC1E05EF41BEE24FB52ADDD64851C", "href": "https://www.ibm.com/support/pages/node/6323313", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:51:35", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Security Key Lifecycle Manager | 4.0 \nIBM Security Key Lifecycle Manager | 3.0.1 \nIBM Security Key Lifecycle Manager | 3.0 \nIBM Security Key Lifecycle Manager | 2.7 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-28T18:12:19", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-08-28T18:12:19", "id": "D0B36475A4B658E0814531AA499810EB812EB1431F68943B8310DF7002931DBE", "href": "https://www.ibm.com/support/pages/node/6324247", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:51:39", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Products and Versions(s)| Affected Supporting Products and Version(s) \n---|--- \nIBM Cloud Pak for Applications, all versions| \n\nWebSphere Application Server\n\n * 9.0\n * 8.5\n * 8.0 \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n[Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-27T19:29:06", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server which is a component of IBM Cloud Pak for Applications is vulnerable to a server-side request forgery vulnerability in the Apache Batik library (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-08-27T19:29:06", "id": "353C8048EB40D7C11CD60ABB9D7F5DFD666EDB60B698E9932FC1A04919041609", "href": "https://www.ibm.com/support/pages/node/6323735", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:48:46", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server security vulnerability ( CVE-2019-17566 ) due to Apache Batik vulnerability has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights - All | Websphere Application Server 8.5 \nIBM Operations Analytics Predictive Insights - All | Websphere Application Server 9.0 \n \n \n\n\n## Remediation/Fixes\n\nFor more information and recommended solutions see the disclosed security bulletin: [Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/security-bulletin-vulnerability-apache-batik-affects-websphere-application-server-cve-2019-17566> \"Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-23T14:50:01", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server traditional shipped with IBM Operations Analytics", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-11-23T14:50:01", "id": "E985F7DD50D9D8A298856E2C1DDC013C56A405C6DA86C2ECE58AB850F0AC19BE", "href": "https://www.ibm.com/support/pages/node/6371842", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:51:40", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WebSphere Remote Server - Product Family| 9.0, 8.5 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version | Affected Supporting Product Security Bulletin \n---|---|--- \nWebSphere Remote Server 9.0, 8.5| WebSphere Application Server 9.0, 8.5, 8.0| \n\n[Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-27T18:28:28", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-08-27T18:28:28", "id": "491394DDEE034747D7811D1973C25BFF278CF244B77553F19F191E2CAC5CF3CB", "href": "https://www.ibm.com/support/pages/node/6323713", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:51:12", "description": "## Summary\n\nA Security Vulnerability Has Been Identified In Apache Batik. IBM WebSphere Application Server which is shipped with IBM Security Access Manager for Enterprise Single Sign-On is affected by Apache Batik. Information about this security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1, 8.2.2\n\n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1| IBM WebSphere Application Server 8.5| [Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.2| IBM WebSphere Application Server 8.5| [Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-09T03:12:20", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability Has Been Identified In Apache Batik used by IBM WebSphere Application Server which is shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-09-09T03:12:20", "id": "066CC30FF07EA70663C1053750F35662E071CE8F2ADB63927D6FD5956CB157A7", "href": "https://www.ibm.com/support/pages/node/6327523", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:49:03", "description": "## Summary\n\nThere is a server-side request forgery vulnerability in the Apache Batik library which is used by WebSphere Application Server. This has been addressed.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nJazz for Service Management| 1.1.3 - 1.1.3.8 \n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nJazz for Service Management version 1.1.3 - 1.1.3.8| Websphere Application Server Full Profile 8.5.5 | [Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" ) \nJazz for Service Management version 1.1.3.7 - 1.1.3.8| \n\nWebsphere Application Server Full Profile 9.0\n\n| [Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" ) \n \n## Workarounds and Mitigations\n\nPlease refer to WAS interim fix.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-10T14:05:35", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to CVE-2019-17566", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-11-10T14:05:35", "id": "E24DA558C6C58E4DA05950B06D7C9C1BFB980CB0462AF1D70A81036D55BCE675", "href": "https://www.ibm.com/support/pages/node/6365863", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:51:32", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nMaximo Asset Management 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6 \nMaximo for Oil and Gas 7.6 \nMaximo for Utilities 7.6 \nMaximo for Aviation 7.6 \nMaximo Linear Asset Manager 7.6 \nMaximo for Service Providers 7.6 \nMaximo Asset Health Insights 7.6 \nControl Desk 7.6\n\n| IBM WebSphere Application Server 9.0 \nIBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \n \n## Remediation/Fixes\n\n[Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-31T13:06:44", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-08-31T13:06:44", "id": "E677723D81339CA25FE5CB670D8786FB1ABB44D538C8C5D7C05E9A9FAE453FF7", "href": "https://www.ibm.com/support/pages/node/6324667", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:48:41", "description": "## Summary\n\nApache Batik is a required product forwith IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.2.0 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.2.0| \n\n[Vulnerability in Apache Batik affects WebSphere Application Server](<https://www.ibm.com/support/pages/node/6322683> \"Vulnerability in Apache Batik affects WebSphere Application Server\" )\n\nSee section: For V8.5.0.0 through 8.5.5.17: \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-11-27T09:04:51", "type": "ibm", "title": "Security Bulletin: A vulnerability has been identified in Apache Batik, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-17566"], "modified": "2020-11-27T09:04:51", "id": "E888E5EBE83D27A538FE4C5957DF731881D9808C40870DA1BFEB861547852D38", "href": "https://www.ibm.com/support/pages/node/6373230", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:51:40", "description": "## Summary\n\nIBM WebSphere\u00ae Application Server is shipped with IBM\u00ae Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere\u00ae Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIntelligent Operations Center (IOC)| 1.5.0, 1.6.0, 1.6.0.1, 1.6.0.2, 1.6.0.3 \n \nIBM Intelligent Operations Center for Emergency Management (Linux)\n\n| 1.6.0 \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-27T17:38:17", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere\u00ae Application Server shipped with IBM\u00ae Intelligent Operations Center (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-08-27T17:38:17", "id": "11D50567E527C1FAA2CC7E5BFC7E0A144943437DED5DC6E20F8744DBB47E7648", "href": "https://www.ibm.com/support/pages/node/6323709", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:51:42", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" ) vulnerability details and information about fixes. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-27T07:16:21", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-08-27T07:16:21", "id": "016248796F0D60834A9AE6D8C8659223A06C7DCF5A1BFEB093E2C71A7B706F76", "href": "https://www.ibm.com/support/pages/node/6323563", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:51:43", "description": "## Summary\n\nThere is a server-side request forgery vulnerability in the Apache Batik library which is used by WebSphere Application Server. This has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-17566](<https://vulners.com/cve/CVE-2019-17566>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183402](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183402>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWebSphere Application Server| 9.0 \nWebSphere Application Server| 8.0 \nWebSphere Application Server| 8.5 \n \n\n\n## Remediation/Fixes\n\n**For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:**\n\n**For V9.0.0.0 through 9.0.5.4:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH26761](<https://www.ibm.com/support/pages/node/6322645> \"PH26761\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.5.5 or later (targeted availability 3Q2020). \n\n**For V8.5.0.0 through 8.5.5.17:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH26761 ](<https://www.ibm.com/support/pages/node/6322645> \"PH26761\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.18 or later (targeted availability 3Q2020).\n\n**For V8.0.0.0 through 8.0.0.15:** \n\u00b7 Upgrade to 8.0.0.15 and then apply Interim Fix [PH26761](<https://www.ibm.com/support/pages/node/6322645> \"PH26761\" )\n\n \nAdditional interim fixes may be available and linked off the interim fix download page.\n\n_WebSphere Application Server V8.0 are is longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. _\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-25T21:46:45", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-08-25T21:46:45", "id": "099DD49202775CBB1F4948F66DB50FAE41385719EDE85DEF5171C85DA36B727F", "href": "https://www.ibm.com/support/pages/node/6322683", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:51:22", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped with IBM Security Identity Manager (ISIM). Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM| 6.0.0 \nISIM| 6.0.2 \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s)| Affected Supporting Product Security Bulletin \n---|---|--- \nISIM 6.0.0 | WAS 8.5| \n\n# \n\n# [Security Bulletin: Vulnerability in Apache Batik in WebSphere Application Server traditional (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Security Bulletin: Vulnerability in Apache Batik in WebSphere Application Server \\(CVE-2019-17566\\)\" )\n\n# \n \nISIM 6.0.2| WAS 9.0 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-31T20:16:17", "type": "ibm", "title": "Security Bulletin: Security vulnerabilty have been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager(CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-08-31T20:16:17", "id": "05F3B2BCBA66E63FF50CAB9D4E4610B2EAE6CD3DA38047220611B10B02307DE3", "href": "https://www.ibm.com/support/pages/node/6324827", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:50:54", "description": "## Summary\n\nIBM C\u00faram Social Program Management uses Apache Batik libraries, for which there is a publicly known vulnerability. Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-17566](<https://vulners.com/cve/CVE-2019-17566>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183402](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183402>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nC\u00faram SPM| 7.0.10 \nC\u00faram SPM| 7.0.5.0 - 7.0.9 \n \n\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nC\u00faram SPM| \n\n7.0.10\n\n| Visit IBM Fix Central and upgrade to [7.0.10 iFix1](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=7.0.10.0&platform=All&function=all> \"7.0.10 iFix1\" ) or a subsequent 7.0.10 release. \nC\u00faram SPM| \n\n7.0.9\n\n| Visit IBM Fix Central and upgrade to [7.0.9 iFix4](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=7.0.9.0_RP&platform=All&function=all> \"7.0.9 iFix4\" ) or a subsequent 7.0.9 release. \n \n## Workarounds and Mitigations\n\nFor information about all other versions, contact IBM C\u00faram Social Program Management customer support. \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-15T17:17:39", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Batik library affects IBM C\u00faram Social Program Management (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-09-15T17:17:39", "id": "5F792F8D340FF2EE83DE40316936CA0AA1272904A4423A4CAF9FA698D9FD6BE0", "href": "https://www.ibm.com/support/pages/node/6333051", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-05T17:50:04", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| V20.0 \nV19.0 \nV18.0 \nIBM Business Process Manager| V8.6 \nV8.5 \nV8.0 \n \nFor earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.\n\nNote that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.\n\n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin: [Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566)](<https://www.ibm.com/support/pages/node/6322683> \"Vulnerability in Apache Batik affects WebSphere Application Server \\(CVE-2019-17566\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-14T15:28:14", "type": "ibm", "title": "Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2019-17566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2022-09-14T15:28:14", "id": "124495DD455D7F5D1C3DB0D3404B8054E94AC8A5A5D620E6E377E96048271229", "href": "https://www.ibm.com/support/pages/node/6326853", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T17:46:14", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0, 8.2.1, 8.2.2\n\n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0| IBM WebSphere Application Server 7.0| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1| IBM WebSphere Application Server 7.0, 8.5| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.2| IBM WebSphere Application Server 8.5| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-20T15:49:54", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-20T15:49:54", "id": "7BA12B7A2C2BCEE40A55BB21BC529BDB0D9B20B59E6F2983995AF5849503866F", "href": "https://www.ibm.com/support/pages/node/6195405", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:45:25", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM OpenPages with Watson. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| ** ****Affected Supporting Product and Version** \n---|--- \nIBM OpenPages with Watson 8.1| IBM WebSphere Application Server 9.0.0.10 \nIBM OpenPages GRC Platform 7.4/8.0| IBM WebSphere Application Server 9.0.0.3 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [IBM WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"IBM WebSphere Application Server\" ) for remediation details.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-05-28T22:04:08", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM OpenPages with Watson (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4362"], "modified": "2020-05-28T22:04:08", "id": "B9E90543C3CF1DFBA0782BBC29DAC9E1D62AB90500B4CD771DBABED35D5F3C0A", "href": "https://www.ibm.com/support/pages/node/6194799", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:46:06", "description": "## Summary\n\nIn the WebSphere Application Server Admin console where the Rational Asset Manager is deployed, a privilege escalation vulnerability is observed. Information about these security vulnerability affecting WebSphere Application Server is published in the respective security bulletins.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Rational Asset Manager 7.5 .1, 7.5.2.x, 7.5.3.x, and 7.5.4.\n\n**NOTE:** Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS). **Affected Supporting Product** | **Affected Supporting Product Security Bulletin** \n---|--- \nIBM WebSphere Application Server Version 7.0, 8.0, 8.5, and 9.0. | [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-27T13:41:43", "type": "ibm", "title": "Security Bulletin: Security vulnerability is identified in the WebSphere Application Server where the Rational Asset Manager is deployed (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-27T13:41:43", "id": "4CFD829FC5689C830F733DAAFC137E197362F6BE4BEBE94E8E13BF7B2EF0B11E", "href": "https://www.ibm.com/support/pages/node/6201714", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:45", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Tivoli Business Service Manager 6.1.0 all Fixpacks \nIBM Tivoli Business Service Manager 6.1.1 all Fixpacks \nIBM Tivoli Business Service Manager 6.2.0.0 \u2013 6.2.0.2 Interim Fix 1\n\n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is shipped with IBM Tivoli Business Service Manager. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Business Service Manager 6.1.0 \nIBM Tivoli Business Service Manager 6.1.1| IBM WebSphere Application Server 7.0| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \nIBM Tivoli Business Service Manager 6.2.0| IBM WebSphere Application Server 8.5| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-19T05:40:40", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Business Service Manager (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-06-19T05:40:40", "id": "984C658A69722C7E2D34C03CB9FA5EF111C30C21C8A4692FD40619BAD0DA6426", "href": "https://www.ibm.com/support/pages/node/6235664", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:05", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nIBM Cloud Pak for Applications, all versions| WebSphere Application Server: \n\n * 9.0 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-27T21:41:18", "type": "ibm", "title": "Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server shipped with IBM Cloud Pak for Applications (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-27T21:41:18", "id": "F34B5F292CB847FA020D7DE6B1D106C2936615E0FDD5B4DA8BCD5F33FFC8563D", "href": "https://www.ibm.com/support/pages/node/6202344", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:58", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version \n---|--- \nWebGUI 8.1.0 GA and FP| Websphere Application Server 8.5 \n \n_WebSphere Application Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-12T07:56:46", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-06-12T07:56:46", "id": "6A4BBC92633A5E34B48E1547834611BAAD85CE223FC5369B32BA4F23A5EC9C73", "href": "https://www.ibm.com/support/pages/node/6228668", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:35", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.3CD \nIBM Case Manager| 5.2.1 \nIBM Case Manager| 5.2.0 \nIBM Case Manager| 5.1.1 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T20:54:36", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-10T20:54:36", "id": "F506FF540835CEFD27133D3CB3A0A3BA032DD083A74134905F9B468ADF436E2F", "href": "https://www.ibm.com/support/pages/node/6177729", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:34", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WebSphere Remote Server - Product Family| 9.0, 8.5, 7.1, 7.0 \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s) | \n\nAffected Supporting Product and Version\n\n| \n\nAffected Supporting Product Security Bulletin \n \n---|---|--- \n \nWebSphere Remote Server \n9.0, 8.5, 7.1, 7.0\n\n| \n\nWebSphere Application Server 9.0, 8.5, 8.0, 7.0\n\n| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-13T13:53:45", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-13T13:53:45", "id": "70206BCCE747ADF9964BC5AC7DD6EB8D8DAA93482BF8885A9081AAAB7BEAB1D3", "href": "https://www.ibm.com/support/pages/node/6187575", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:38", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nWebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * 8.0\n * 8.5\n * 9.0 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T16:50:32", "type": "ibm", "title": "Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server shipped with IBM WebSphere Application Server Patterns (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-10T16:50:32", "id": "04ABBB708923892B731E5E85494310295FECB96BEABA340DE48D8A568440E716", "href": "https://www.ibm.com/support/pages/node/6177705", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:04", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.2; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 4.1.1 and version 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.2.0 \nITNM| 4.1.1 \nITNM| 3.9 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.2.0| [Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V8.5.0.0 through 8.5.5.17:** \n \nITNM| 4.1.1| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V7.0.0.0 through 7.0.0.45:** \n \nITNM| 3.9| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-07-14T14:49:38", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4362"], "modified": "2020-07-14T14:49:38", "id": "44783FBE5A56631F824B0BD81DD9283D986371A072B0452A51C478BF8C46E0FD", "href": "https://www.ibm.com/support/pages/node/6247919", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:51:49", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.1 \n \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.1| [Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-24T12:33:10", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4362"], "modified": "2020-08-24T12:33:10", "id": "9081ED85EA10CB575BFD1EB11FA27A662DFAB7101202111CD17F820A9D435CE8", "href": "https://www.ibm.com/support/pages/node/6320867", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:54:03", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \nITNCM| 6.4.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.2| [Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V8.5.0.0 through 8.5.5.17:** \n \nITNCM| 6.4.1| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-07-14T14:51:06", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Netcool Configuration Manager (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4362"], "modified": "2020-07-14T14:51:06", "id": "B60F2DE561421149178C0830D6DD1EA4E4B1D14D2A06C69E877CB955E38F038A", "href": "https://www.ibm.com/support/pages/node/6247927", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:51:48", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.1.1 and version 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.1.1 \nITNM| 3.9 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.1.1| [Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V7.0.0.0 through 7.0.0.45:** \n \nITNM| 3.9| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-24T12:25:01", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4362"], "modified": "2020-08-24T12:25:01", "id": "46A70A5DCC82B9F0BE8D09EF31A748079C7C3F6ACC5769FC8CF7E487AB1D0EA9", "href": "https://www.ibm.com/support/pages/node/6320859", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:52:18", "description": "## Summary\n\nIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4362](<https://vulners.com/cve/CVE-2020-4362>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178929>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nContent Collector for Email 4.0.0, 4.0.1\n\n \n\n\n## Remediation/Fixes\n\n**Product**| **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.0, 4.0.1| Use Content Collector for Email 4.0.1.9 [Interim Fix IF006](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.9-IBM-ICC-IF006&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-06T17:16:24", "type": "ibm", "title": "Security Bulletin: Content Collector for Email is affected by a embedded WebSphere Application Server is vulnerable to a privilege escalation vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-08-06T17:16:24", "id": "25CD6FE340F22514220FD6473DC911FECCFC9E40EE608FECC7A422AEEE34ECB9", "href": "https://www.ibm.com/support/pages/node/6257135", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:51:37", "description": "## Summary\n\nThere is a privilege escalation vulnerability in WebSphere Application Server. This has been addressed.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Common Reporting| 3.1.3 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n\n**Jazz for Service Management Releases \n**| **Remediation** \n---|--- \n1.1.3 - 1.1.3.7| \n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-28T06:00:34", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Common Reporting: TCR, a part of IBM Jazz for Service Management (JazzSM) is vulnerable to Privilege Escalation (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-08-28T06:00:34", "id": "8DA236BF190960C2E20C01B1DDE110742EBA0BB278E6174D1B98558B3FE80575", "href": "https://www.ibm.com/support/pages/node/6324079", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:16", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM WebSphere Service Registry and Repository. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s) \n---|--- \nWebSphere Service Registry and Repository V8.5| WebSphere Application Server V8.5.5 \nWebSphere Service Registry and Repository V8.0| WebSphere Application Server V8.0 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin: \n \n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/security-bulletin-privilege-escalation-vulnerability-websphere-application-server-cve-2020-4362> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \nfor vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-20T16:50:37", "type": "ibm", "title": "Security Bulletin: Vulnerability identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-20T16:50:37", "id": "AAD609CAA94C916589F4887D6CD5C2416E4F6208E4578B25FA022618187A432A", "href": "https://www.ibm.com/support/pages/node/6195413", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:37", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417?myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) vulnerability details and information about fixes. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T14:32:07", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-10T14:32:07", "id": "C698ACD8BD878FFAF13B5530425B16956E9503FE860A025CB74500FC8F4D6D5D", "href": "https://www.ibm.com/support/pages/node/6177627", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:21", "description": "## Summary\n\nWebsphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPredictive Customer Intelligence versions 1.0, 1.0.1, 1.1, 1.1.1, 1.1.2\n\n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1| Websphere Application Server 8.5.5| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \nPredictive Customer Intelligence 1.1 and 1.1.1| Websphere Application Server 8.5.5.6| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \nPredictive Customer Intelligence 1.1.2| Websphere Application Server 9.0.0.4| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-30T17:42:32", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-06-30T17:42:32", "id": "C658FC5F35EA81EA139B8BD636CD7716958E2E2F1D560D0AFDE22AFAB6106BA0", "href": "https://www.ibm.com/support/pages/node/6242302", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:30", "description": "## Summary\n\nThere is a privilege escalation vulnerability in WebSphere Application Server. This has been addressed.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nJazz for Service Management| 1.1.3 and fixpacks \n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nJazz for Service Management version 1.1.3 - 1.1.3.7| Websphere Application Server Full Profile 8.5.5 | [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \nJazz for Service Management version 1.1.3.7| \n\nWebsphere Application Server Full Profile 9.0\n\n| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nPlease refer to WAS interim fix.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-26T06:18:21", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to Privilege Escalation Vulnerability (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-06-26T06:18:21", "id": "154976217130EF4C017061ED199482E4956FF91CB6AF94EDCB8B76B1BB6C9BD1", "href": "https://www.ibm.com/support/pages/node/6238854", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:45:30", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nMaximo Asset Management 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6 \nMaximo for Oil and Gas 7.6 \nMaximo for Utilities 7.6 \nMaximo for Aviation 7.6 \nMaximo Linear Asset Manager 7.6 \nMaximo for Service Providers 7.6 \nMaximo Asset Health Insights 7.6\n\n| IBM WebSphere Application Server 9.0 \nIBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \n \n## Remediation/Fixes\n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-28T21:20:37", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-05-28T21:20:37", "id": "602F7DC12145A4C85D2027947D4108B54FAD7C292FC222DA0A6A2CF4FAF28D0E", "href": "https://www.ibm.com/support/pages/node/6192987", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:31", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \n| IBM Intelligent Operations Center V1.5.0, V1.5.0.1, V1.5.0.2, V1.6.0, V1.6.0.1, V1.6.0.2, and V1.6.0.3 \n--- \nIBM WebSphere Application Server V7.0, V8.0, V8.5, V9.0 \nIBM Intelligent Operations Center for Emergency Management V1.6| \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-14T09:32:59", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-14T09:32:59", "id": "84A310ED49DE6752B94CA056CE617FCBEDD44DC4D9D5740C3D037B5256856767", "href": "https://www.ibm.com/support/pages/node/6189495", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:45:23", "description": "## Summary\n\nThere is a privilege escalation vulnerability in WebSphere Application Server. This has been addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-4362](<https://vulners.com/cve/CVE-2020-4362>) \n**DESCRIPTION: **IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178929>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nWebSphere Application Server | 9.0 \nWebSphere Application Server | 8.5 \nWebSphere Application Server | 8.0 \nWebSphere Application Server | 7.0 \n \n## Remediation/Fixes\n\n**For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:**\n\n**For V9.0.0.0 through 9.0.5.4:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH23853](<https://www.ibm.com/support/pages/node/6174273> \"PH23853\" ). \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.5.5 or later (targeted availability 3Q2020). \n\n**For V8.5.0.0 through 8.5.5.17:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH23853](<https://www.ibm.com/support/pages/node/6174273> \"PH23853\" ). \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.18 or later (targeted availability 3Q2020).\n\n**For V8.0.0.0 through 8.0.0.15:** \n\u00b7 Upgrade to 8.0.0.15 and then apply Interim Fix [PH23853](<https://www.ibm.com/support/pages/node/6174273> \"PH23853\" ). \n\n\n**For V7.0.0.0 through 7.0.0.45:** \n\u00b7 Upgrade to 7.0.0.45 and then apply Interim Fix [PH23853](<https://www.ibm.com/support/pages/node/6174273> \"PH23853\" ). \n\n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n_WebSphere Application Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. _\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-09T21:47:47", "type": "ibm", "title": "Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-06-09T21:47:47", "id": "0F7411C38D450D0D17C9E0514668E2F096EAD5FA2260C48F544A9D0EC99938E3", "href": "https://www.ibm.com/support/pages/node/6174417", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-05T17:49:58", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| V19.0 \nV18.0 \nIBM Business Process Manager| V8.6 \nV8.5 \nV8.0 \nWebSphere Enterprise Service Bus| V7.5 \nV7.0 \n \nFor earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.\n\nNote that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.\n\n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin: [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T15:28:14", "type": "ibm", "title": "Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2022-09-14T15:28:14", "id": "9E1BB215B06E70813889A210BA1C63DEA88480C8704FBDA41B1612E059BF1140", "href": "https://www.ibm.com/support/pages/node/6202786", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:53:41", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0, 8.2.1, 8.2.2\n\n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0| IBM WebSphere Application Server 7.0| [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1| IBM WebSphere Application Server 7.0, 8.5| [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.2| IBM WebSphere Application Server 8.5| [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-20T03:46:11", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-07-20T03:46:11", "id": "87875510813D1DB49DB3083F4FD9E7E533347832C24E964756F893FB73BEC21B", "href": "https://www.ibm.com/support/pages/node/6250789", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:53:40", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.3CD \nIBM Case Manager| 5.2.1 \nIBM Case Manager| 5.2.0 \nIBM Case Manager| 5.1.1 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-20T18:48:00", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-07-20T18:48:00", "id": "54232EB09291F37672F1DCD760E739BD98F95251B2201F30CF0081923FF441E4", "href": "https://www.ibm.com/support/pages/node/6250909", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:49:52", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with or is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.1 and 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.1 \nITNCM| 6.4.2 \n \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.1| \n\n[WebSphere Application Server is vulnerable to a remote code execution vulnerability](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability\" )\n\nSee sections For V7.0.0.0 through 7.0.0.45 \n \nITNCM| 6.4.2| \n\n[WebSphere Application Server is vulnerable to a remote code execution vulnerability](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability\" )\n\nSee sections For V8.5.0.0 through 8.5.5.16 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-10-14T22:54:33", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with or required product for IBM Tivoli Netcool Configuration Manager (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4464"], "modified": "2020-10-14T22:54:33", "id": "E28F9F6C9E7CA32A9CB4C9083104160A9FFAE5054315A1257B99E6F712F98C5F", "href": "https://www.ibm.com/support/pages/node/6348254", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:49:49", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with or required for IBM Tivoli Network Manager version 3.9, 4.1.1 and 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 3.9 \nITNM| 4.1.1.x \nITNM| 4.2 \n \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 3.9| \n\n[WebSphere Application Server is vulnerable to a remote code execution vulnerability](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability\" )\n\nSee Section For V7.0.0.0 through 7.0.0.45: \n \nITNM| 4.1.1.x| \n\n[WebSphere Application Server is vulnerable to a remote code execution vulnerability](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability\" )\n\nSee Section For V7.0.0.0 through 7.0.0.45: \n \nITNM| 4.2| \n\n[WebSphere Application Server is vulnerable to a remote code execution vulnerability](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability\" )\n\nSee Section For V8.5.0.0 through 8.5.5.16: \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-10-14T22:47:34", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server, which is shipped with or required for IBM Tivoli Network Manager (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4464"], "modified": "2020-10-14T22:47:34", "id": "C4023F9D05275ED3C66B169CE0D3B807C7D4D7FC324365D9C8DE18321BF9E2DF", "href": "https://www.ibm.com/support/pages/node/6348248", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:49:50", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with or required for IBM Tivoli Network Manager version 3.9, 4.1.1 and 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 3.9 \nITNM| 4.1.1.x \nITNM| 4.2 \n \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 3.9| \n\n[WebSphere Application Server is vulnerable to a remote code execution vulnerability](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability\" )\n\nSee Section For V7.0.0.0 through 7.0.0.45: \n \nITNM| 4.1.1.x| \n\n[WebSphere Application Server is vulnerable to a remote code execution vulnerability](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability\" )\n\nSee Section For V7.0.0.0 through 7.0.0.45: \n \nITNM| 4.2| \n\n[WebSphere Application Server is vulnerable to a remote code execution vulnerability](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability\" )\n\nSee Section For V8.5.0.0 through 8.5.5.16: \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-10-14T22:52:56", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server, which is shipped with or required for IBM Tivoli Network Manager (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4464"], "modified": "2020-10-14T22:52:56", "id": "B4FB56CD786500EDD3DBBB2AB774D5CA785B1E5906A71B19B547681BEE096D12", "href": "https://www.ibm.com/support/pages/node/6348252", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:52:45", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Security Key Lifecycle Manager | 4.0 \nIBM Security Key Lifecycle Manager | 3.0.1 \nIBM Security Key Lifecycle Manager | 3.0 \nIBM Security Key Lifecycle Manager | 2.7 \n \n## Remediation/Fixes\n\nPlease consult the [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-remote-code-execution-vulnerability-cve-2020-4464> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-27T06:47:28", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-07-27T06:47:28", "id": "F377DF4D5AC9CB427BA3320F84A8C72B6AAAF416F9D328B27A64447BFD6CF455", "href": "https://www.ibm.com/support/pages/node/6253221", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:50:26", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.3\n\n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is shipped with IBM Tivoli Business Service Manager. \n\nPrincipal Product and Version(s)| Affected Supporting Product| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Business Service Manager 6.2.0| IBM WebSphere Application Server| [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-30T04:12:53", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Business Service Manager (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-09-30T04:12:53", "id": "589A2832E6011C04D935A964DC4FDC28B2C467E04C393138914F39193C6EB95D", "href": "https://www.ibm.com/support/pages/node/6339529", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:49:53", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability to a command execution affecting IBM WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version** \n---|--- \nIBM Operations Analytics Predictive Insights \\- All| Websphere Application Server 8.5 \nIBM Operations Analytics Predictive Insights - All| Websphere Application Server 9.0 \n \n\n\n## Remediation/Fixes\n\nMore information and recommended solutions are disclosed with the security bulletin: [WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-remote-code-execution-vulnerability-cve-2020-4464> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-14T16:06:55", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-10-14T16:06:55", "id": "607007FE560959C96A7D7309FFC95320C63D2655013332B176F60414ABC8616C", "href": "https://www.ibm.com/support/pages/node/6348032", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:53:27", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version \n---|--- \nWebGUI 8.1.0 GA and FP| Websphere Application Server 8.5 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-24T03:57:42", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-07-24T03:57:42", "id": "6F4EACEFB51937EB746B4C0034BC67DC24D36A686094196181F33FE6C24A9701", "href": "https://www.ibm.com/support/pages/node/6252729", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:52:11", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s) \n---|--- \nIBM Cloud Pak for Applications, all versions| \n\nWebSphere Application Server\n\n * 9.0\n * 8.5\n * 8.0\n * 7.0 \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes\n\n * [WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-10T21:41:09", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with IBM Cloud Pak for Applications is vulnerable to a remote code execution vulnerability (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-08-10T21:41:09", "id": "25D3745DA0BDED8FAC2DA99D46F547AABBD305F8CB91025DEDEE614E6A1B7EE4", "href": "https://www.ibm.com/support/pages/node/6257867", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:49:50", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with or is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.1 and 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.1 \nITNCM| 6.4.2 \n \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.1| \n\n[WebSphere Application Server is vulnerable to a remote code execution vulnerability](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability\" )\n\nSee sections For V7.0.0.0 through 7.0.0.45 \n \nITNCM| 6.4.2| \n\n[WebSphere Application Server is vulnerable to a remote code execution vulnerability](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability\" )\n\nSee sections For V8.5.0.0 through 8.5.5.16 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-10-14T22:51:01", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with or required product for IBM Tivoli Netcool Configuration Manager (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4464"], "modified": "2020-10-14T22:51:01", "id": "03FADCC257A17FED6A8C41D04F8606BF0489C6FE20567ACF4008E235575AE7BE", "href": "https://www.ibm.com/support/pages/node/6348250", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:50:47", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM OpenPages with Watson. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| ** ****Affected Supporting Product and Version** \n---|--- \nIBM OpenPages with Watson 8.1| IBM WebSphere Application Server 9.0.0.10 \nIBM OpenPages GRC Platform 7.4/8.0| IBM WebSphere Application Server 9.0.0.3 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [IBM WebSphere Application Server](<https://www.ibm.com/support/pages/node/6250059> \"IBM WebSphere Application Server\" ) for remediation details.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-09-22T15:41:49", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM OpenPages with Watson (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4464"], "modified": "2020-09-22T15:41:49", "id": "53DD4EBA25137DCF4917C3B0715AF24BFB0FBC10256BB5FB0DC53D7BD9B24F62", "href": "https://www.ibm.com/support/pages/node/6334803", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:52:43", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nWebSphere Application Server Patterns, all versions | WebSphere Application Server: \n\n * 9.0\n * 8.5\n * 8.0 \n \n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-27T14:58:58", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to a remote code execution vulnerability (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-07-27T14:58:58", "id": "3B29E76A6FB5013338408E3A12D9C2E41ED21A8A0E9A3D01276C766E06328B95", "href": "https://www.ibm.com/support/pages/node/6253275", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:52:38", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-remote-code-execution-vulnerability-cve-2020-4464> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) vulnerability details and information about fixes. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-28T07:16:08", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-07-28T07:16:08", "id": "01FB518144D44CF22409F1D272D259205D9A22503BE7F24CED4D16CF439E1FD8", "href": "https://www.ibm.com/support/pages/node/6253791", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:50:27", "description": "## Summary\n\nWebSphere Application Server is vulnerable to a remote code execution vulnerability. This has been addressed.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nTivoli Common Reporting| All \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n\n**Jazz for Service Management Releases \n**| **Remediation** \n---|--- \n1.1.3 - 1.1.3.8| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-29T17:40:06", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Common Reporting: TCR, a part of IBM Jazz for Service Management (JazzSM) is vulnerable to a remote code execution vulnerability (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-09-29T17:40:06", "id": "666F24C8DBF4014A69735968E09FF5A01952E6AD6A72CA8D1BA4E1EDEFD1D038", "href": "https://www.ibm.com/support/pages/node/6339207", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:50:45", "description": "## Summary\n\nWebSphere Application Server is vulnerable to a remote code execution vulnerability. This has been addressed.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nJazz for Service Management| 1.1.3 - 1.1.3.8 \n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nJazz for Service Management version 1.1.3 - 1.1.3.8| Websphere Application Server Full Profile 8.5.5 | [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \nJazz for Service Management version 1.1.3.7 - 1.1.3.8| \n\nWebsphere Application Server Full Profile 9.0\n\n| [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \n \n## Workarounds and Mitigations\n\nPlease refer to WAS interim fix.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-22T17:32:10", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to remote code execution vulnerability (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-09-22T17:32:10", "id": "6E7625FC4A910ACF24BD1B3F645D1662C0320B3BB6C41373FA358B1C5A9F9CFC", "href": "https://www.ibm.com/support/pages/node/6335799", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:53:36", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WebSphere Remote Server - Product Family| 9.0, 8.5, 7.1, 7.0 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n \n\n\n** Principal Product and Version(s)**| **Affected Supporting Product and Version**| ** Affected Supporting Product Security Bulletin** \n---|---|--- \nWebSphere Remote Server 9.0, 8.5, 7.1, 7.0| WebSphere Application Server 9.0, 8.5, 8.0, 7.0| [WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \n \nPrincipal Product and Version(s)\u200b\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-21T18:41:00", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-07-21T18:41:00", "id": "A7B5DFA89534013C5C0B752FA00CA59BCDFA236742B0F2060D8475E1E61EF418", "href": "https://www.ibm.com/support/pages/node/6251305", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:53:37", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nMaximo Asset Management 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6 \nMaximo for Oil and Gas 7.6 \nMaximo for Utilities 7.6 \nMaximo for Aviation 7.6 \nMaximo Linear Asset Manager 7.6 \nMaximo for Service Providers 7.6 \nMaximo Asset Health Insights 7.6 \nControl Desk 7.6\n\n| IBM WebSphere Application Server 9.0 \nIBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \n \n\n\n## Remediation/Fixes\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-22T14:43:54", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-07-22T14:43:54", "id": "920CE3750D6F5062EF6D97ABBEC79954ED66A1599BB4C1D9D5D9EE462B593D9F", "href": "https://www.ibm.com/support/pages/node/6251881", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:52:33", "description": "## Summary\n\nIBM WebSphere\u00ae Application Server is shipped with IBM\u00ae Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere\u00ae Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIntelligent Operations Center (IOC)| V1.5.0, V1.5.0.1, V1.5.0.2, V1.6.0, V1.6.0.1, V1.6.0.2, V1.6.0.3 \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-29T16:30:56", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere\u00ae Application Server shipped with IBM\u00ae Intelligent Operations Center (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-07-29T16:30:56", "id": "EC5CD916ADD0F8360EEC8B3E8408BE984222D573F002264AFCEFE8F737929419", "href": "https://www.ibm.com/support/pages/node/6254387", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:52:17", "description": "## Summary\n\nIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4464](<https://vulners.com/cve/CVE-2020-4464>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for Email| 4.0.0 \nContent Collector for Email| 4.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product**| **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.0, 4.0.1| Use Content Collector for Email 4.0.1.9 [Interim Fix IF006](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.9-IBM-ICC-IF006&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-06T18:17:05", "type": "ibm", "title": "Security Bulletin: Embedded WebSphere Application Server is vulnerable to a command execution vulnerability affect Content Collector for Email", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-08-06T18:17:05", "id": "6FC536900A34B847E42046BE9C6266291685F5F8D4293007DAC2C0021AB6CFF7", "href": "https://www.ibm.com/support/pages/node/6257151", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:53:56", "description": "## Summary\n\nWebSphere Application Server is vulnerable to a remote code execution vulnerability. This has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4464](<https://vulners.com/cve/CVE-2020-4464>) \n** DESCRIPTION: **IBM WebSphere Application Server traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWebSphere Application Server| 9.0 \nWebSphere Application Server| 8.5 \nWebSphere Application Server| 8.0 \nWebSphere Application Server| 7.0 \n \n\n\n## Remediation/Fixes\n\n**For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:**\n\n**For V9.0.0.0 through 9.0.5.4:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH26952](<https://www.ibm.com/support/pages/node/6249987> \"PH26952\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.5.5 or later (targeted availability 3Q2020). \n\n**For V8.5.0.0 through 8.5.5.17:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH26952](<https://www.ibm.com/support/pages/node/6249987> \"PH26952\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.18 or later (targeted availability 3Q2020).\n\n**For V8.0.0.0 through 8.0.0.15:** \n\u00b7 Upgrade to 8.0.0.15 and then apply Interim Fix [PH26952](<https://www.ibm.com/support/pages/node/6249987> \"PH26952\" ) \n\n\n**For V7.0.0.0 through 7.0.0.45:** \n\u00b7 Upgrade to 7.0.0.45 and then apply Interim Fix [PH26952](<https://www.ibm.com/support/pages/node/6249987> \"PH26952\" ) \n\n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n_WebSphere Application Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. _\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-16T21:17:51", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-07-16T21:17:51", "id": "617B4CF0EF3F9A9F2F54246D1D2A2792AA6769F6B44F8DC3B01F11745B2422C8", "href": "https://www.ibm.com/support/pages/node/6250059", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:45:39", "description": "## Summary\n\nIBM Security Privileged Identity Manager has addressed a command execution vulnerability in WebSphere Application Server.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4464](<https://vulners.com/cve/CVE-2020-4464>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISPIM| 2.1.1 \nISPIM| 2.0.2 \nISPIM| 2.1.0 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s) | Remediation \n---|---|--- \nISPIM| 2.1.1| [2.1.1-ISS-ISPIM-VA-FP0006](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.1&platform=All&function=fixId&fixids=2.1.1-ISS-ISPIM-VA-FP0006> \"\" ) \n \nISPIM| 2.1.0| [2.1.0-ISS-ISPIM-VA-FP0013](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.1&platform=All&function=fixId&fixids=2.1.0-ISS-ISPIM-VA-FP0013&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=SAR> \"\" ) \n---|---|--- \nISPIM| 2.0.2| [2.0.2-ISS-ISPIM-VA-FP0013](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.0.2&platform=Linux&function=fixId&fixids=2.0.2-ISS-ISPIM-VA-FP0013&includeRequisites=1&includeSup> \"\" ) \n---|---|--- \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T09:22:18", "type": "ibm", "title": "Security Bulletin: IBM Security Privileged Identity Manager is affected by a code execution vulnerability (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2021-03-09T09:22:18", "id": "C16ABA3451616F0B12FF9B91C183BC2B0F3C7E6BA4CC7ADB8E3163E2152E6C65", "href": "https://www.ibm.com/support/pages/node/6427551", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:52:36", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM WebSphere Service Registry and Repository. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s) \n---|--- \nWebSphere Service Registry and Repository V8.5| WebSphere Application Server V8.5.5 \nWebSphere Service Registry and Repository V8.0| WebSphere Application Server V8.0 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin: \n \n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-remote-code-execution-vulnerability-cve-2020-4464> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \n \nfor vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-28T17:51:08", "type": "ibm", "title": "Security Bulletin: Vulnerability identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-07-28T17:51:08", "id": "65BD9ACADC9044E17F337DB569D63B71E61FF403A90135971CEE51E242EE36F2", "href": "https://www.ibm.com/support/pages/node/6253949", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-05T17:50:07", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| \n\nV20.0 \nV19.0 \nV18.0 \n \nIBM Business Process Manager| V8.6 \nV8.5 \nV8.0 \nWebSphere Enterprise Service Bus| V7.5 \nV7.0 \n \nFor earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.\n\nNote that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.\n\n \n\n\n## Remediation/Fixes\n\nPlease consult the [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T15:28:14", "type": "ibm", "title": "Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2022-09-14T15:28:14", "id": "5D27044FC6F32C09AC9ACEAA7E1893AD8368B3A89DFE817BCE757850250E805D", "href": "https://www.ibm.com/support/pages/node/6251913", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-05T17:55:55", "description": "## Summary\n\nIBM WebSphere Application Server 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4464](<https://vulners.com/cve/CVE-2020-4464>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Master Data Management| 11.6 \n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM InfoSphere Master Data Management 11.6 \n| IBM WebSphere Application Server versions 9.0.| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-remote-code-execution-vulnerability-cve-2020-4464> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T10:23:01", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management 11.6", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2022-04-27T10:23:01", "id": "C9C4235C34E1A436F6973E926458F8E4E760EA8C85112E0BC1C3CC10E448DFA5", "href": "https://www.ibm.com/support/pages/node/6458171", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:52:08", "description": "## Summary\n\nWebSphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPredictive Customer Intelligence versions 1.0, 1.0.1, 1.1, 1.1.1, 1.1.2\n\n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1| WebSphere Application Server 8.5.5| [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \nPredictive Customer Intelligence 1.1 and 1.1.1| WebSphere Application Server 8.5.5.6| [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \nPredictive Customer Intelligence 1.1.2| WebSphere Application Server 9.0.0.4| [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" ) \n \n## \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-11T23:22:30", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability in WebSphere Application Server Affects Predictive Customer Intelligence (CVE-2020-4464)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-08-11T23:22:30", "id": "25E0E8481641B59C734FA90D52D083DED29B79B9E4EA668AC7F57BABFC6EC189", "href": "https://www.ibm.com/support/pages/node/6258123", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:54:51", "description": "## Summary\n\nWebsphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Predictive Customer Intelligence| 1.0.0 \nIBM Predictive Customer Intelligence| 1.0.1 \nIBM Predictive Customer Intelligence| 1.1 \nIBM Predictive Customer Intelligence| 1.1.1 \nIBM Predictive Customer Intelligence| 1.1.2 \n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Versions**\n\n| \n\n**Affected Supporting Product Security Bulletin** \n \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1 | \n\nWebsphere Application Server 8.5.5\n\n| \n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222>) \n \nPredictive Customer Intelligence 1.1 and 1.1.1\n\n| \n\nWebsphere Application Server 8.5.5.6\n\n| \n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222>) \n \nPredictive Customer Intelligence 1.1.2\n\n| \n\nWebsphere Application Server 9.0.0.4\n\n| \n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-15T21:08:22", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-06-15T21:08:22", "id": "98753DD5A47155B43FDD85B8F35D8CA58ADD17824EBC1C028635D87D3D94F55C", "href": "https://www.ibm.com/support/pages/node/6232784", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:53", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nWebSphere Service Registry and Repository V8.0 and V8.5 are affected.\n\n**Principle Product and Version(s)**| **Affected Supporting Product and Version(s)** \n---|--- \nWebSphere Service Registry and Repository V8.0| WebSphere Application Server V8.0 \nWebSphere Service Registry and Repository V8.5| WebSphere Application Server V8.5.5 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes: \n\n * [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/security-bulletin-privilege-escalation-vulnerability-websphere-application-server-cve-2020-4276> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-30T14:38:43", "type": "ibm", "title": "Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-30T14:38:43", "id": "5B1CAC420B37804647C541FAC183826F2E21797B0700F6651A1152500668559E", "href": "https://www.ibm.com/support/pages/node/6129207", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:44:31", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli System Automation Application Manager| 4.1 \n \n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with IBM Tivoli System Automation Application Manager.\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli System Automation Application Manager 4.1| WebSphere Application Server 8.5| \n\n# [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-24T22:19:08", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-07-24T22:19:08", "id": "378BE0AE9115556839B6838DD143454A31F920F6E06B153C6C912D736A8A5E6B", "href": "https://www.ibm.com/support/pages/node/6124509", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:55:05", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 3.9 &amp; 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.2.0.x \nITNM| 4.1.1.x \nITNM| 3.9.x \n \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.2.0.x| [Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee section **For V8.5.0.0 through 8.5.5.17:** \n \nITNM| 4.1.1.x| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee section **For V7.0.0.0 through 7.0.0.45:** \n \nITNM| 3.9.x| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee section **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-06-09T17:09:52", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4276"], "modified": "2020-06-09T17:09:52", "id": "5F3403ED8D02DAA10FBA538CB4DCF56BD8B109CAED21CA46B345AAC79FF9F20F", "href": "https://www.ibm.com/support/pages/node/6221292", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:46:50", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with Tivoli Access Manager for e-business. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Access Manager for e-business| 6.1.1.x \nIBM Tivoli Access Manager for e-business| 6.1.x \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Versions| Affected Supporting Products and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nTivoli Access Manager for e-business 6.1.x, 6.1.1.x| IBM WebSphere Application Server 7.0.0.X| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-31T23:01:05", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with Tivoli Access Manager for e-business (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-31T23:01:05", "id": "CF96155EBDBFEB76CEC027341CADB800CDAE0961E8A5F5AA5EFB7272EA972F66", "href": "https://www.ibm.com/support/pages/node/6148029", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:39", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0, 8.2.1, 8.2.2\n\n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0| IBM WebSphere Application Server 7.0| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1| IBM WebSphere Application Server 7.0, 8.5| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.2| IBM WebSphere Application Server 8.5| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-09T02:53:55", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-04-09T02:53:55", "id": "96131552C11C489EF2F142CAF94550F397BAD1654456F371568AEC0B3C92AE59", "href": "https://www.ibm.com/support/pages/node/6173691", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:38", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.3CD \nIBM Case Manager| 5.2.1 \nIBM Case Manager| 5.2.0 \nIBM Case Manager| 5.1.1 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T21:05:04", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-04-10T21:05:04", "id": "F2C0FD9B6F69E9045C9C79CC5F846E47457E4B2414EED330DCE2A52BEF475BF0", "href": "https://www.ibm.com/support/pages/node/6177741", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:52", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \nITNCM| 6.4.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.2| [Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee section **For V8.5.0.0 through 8.5.5.17:** \n \nITNCM| 6.4.1| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee section **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-06-15T10:58:16", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Netcool Configuration Manager (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4276"], "modified": "2020-06-15T10:58:16", "id": "9F51227A933365BAB4E61C4D1E8695CE3A2CAEAE27CCC9C6EDD242CBF9439834", "href": "https://www.ibm.com/support/pages/node/6232486", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:46:56", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WebSphere Remote Server - Product Family| All \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nWebSphere Remote Server \n9.0, 8.5, 7.1, 7.0| WebSphere Application Server 9.0, 8.5, 8.0, 7.0| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-27T14:40:36", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-27T14:40:36", "id": "EDC8FA617866F99772D842D31A33C6C6C4A0DDAD538375D9285202B64BACC05D", "href": "https://www.ibm.com/support/pages/node/6124881", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:36", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \n| IBM Intelligent Operations Center V1.5.0, V1.5.0.1, V1.5.0.2, V1.6.0, V1.6.0.1, V1.6.0.2, and V1.6.0.3 \n--- \nIBM WebSphere Application Server V7.0, V8.0, V8.5, V9.0 \nIBM Intelligent Operations Center for Emergency Management V1.6| \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T09:02:46", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-04-10T09:02:46", "id": "E643425D7938402C778E161E848033FFD16F90BB75AD7E88227977F59105471B", "href": "https://www.ibm.com/support/pages/node/6175011", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:54", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nMaximo Asset Management 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6 \nMaximo for Oil and Gas 7.6 \nMaximo for Utilities 7.6 \nMaximo for Aviation 7.6 \nMaximo Linear Asset Manager 7.6 \nMaximo for Service Providers 7.6 \nMaximo Asset Health Insights 7.6\n\n| IBM WebSphere Application Server 9.0 \nIBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes: \n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-30T22:10:28", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-30T22:10:28", "id": "E477BE4D73F72972D5ED04AE1F52E86348D8674550100046AC9C2F465DC3514C", "href": "https://www.ibm.com/support/pages/node/6129579", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:47:02", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nWebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * 9.0\n * 8.5\n * 8.0 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-26T16:32:54", "type": "ibm", "title": "Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server Bundled With IBM WebSphere Application Server Patterns (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-26T16:32:54", "id": "14082B1B5D41B7616A5E295FA25DD7F0E1BAF096180976605B25CBAB04D957BC", "href": "https://www.ibm.com/support/pages/node/6120789", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:45:26", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM OpenPages with Watson. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| ** ****Affected Supporting Product and Version** \n---|--- \nIBM OpenPages with Watson 8.1| IBM WebSphere Application Server 9.0.0.10 \nIBM OpenPages GRC Platform 7.4/8.0| IBM WebSphere Application Server 9.0.0.3 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [IBM WebSphere Application Server](<https://www.ibm.com/support/pages/node/6118222> \"IBM WebSphere Application Server\" ) for remediation details.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-05-28T22:06:26", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM OpenPages with Watson (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4276"], "modified": "2020-05-28T22:06:26", "id": "3025667363AA4FD0A84EA6FC4AC56CB4074FA1571D208441ACE2404576480801", "href": "https://www.ibm.com/support/pages/node/6194781", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:46:53", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [WebSphere Application Server is vulnerable to a command execution vulnerability (CVE-2020-4276)](<https://www.ibm.com/support/pages/security-bulletin-privilege-escalation-vulnerability-websphere-application-server-cve-2020-4276> \"WebSphere Application Server is vulnerable to a command execution vulnerability \\(CVE-2020-4276\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-30T15:51:29", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-30T15:51:29", "id": "38196E5969E3832D5283656E865BC6AC8E6148796AD06026B314C2AFB93E932C", "href": "https://www.ibm.com/support/pages/node/6129285", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:05", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Applications| \n\nWebSphere Application Server\n\n * 9.0 \n| \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-27T17:53:23", "type": "ibm", "title": "Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server Bundled With IBM Cloud Pak for Applications (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-04-27T17:53:23", "id": "87C8C87F4B6B5E4949B0BBE1E6C16D7511DCBB8AA384A4558293B4D8FA1143F6", "href": "https://www.ibm.com/support/pages/node/6201987", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:47:00", "description": "## Summary\n\nThere is a privilege escalation vulnerability in WebSphere Application Server.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4276](<https://vulners.com/cve/CVE-2020-4276>) \n** DESCRIPTION: **IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175984>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWebSphere Application Server| 9.0 \nWebSphere Application Server| 7.0 \nWebSphere Application Server| 8.0 \nWebSphere Application Server| 8.5 \n \n\n\n## Remediation/Fixes\n\n**For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:**\n\n**For V9.0.0.0 through 9.0.5.3:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH21511](<https://www.ibm.com/support/pages/node/6118006> \"PH21511\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.5.4 or later (targeted availability 2Q2020). \n\n**For V8.5.0.0 through 8.5.5.17:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH21511](<https://www.ibm.com/support/pages/node/6118006> \"PH21511\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.18 or later (targeted availability 3Q2020).\n\n**For V8.0.0.0 through 8.0.0.15:** \n\u00b7 Upgrade to 8.0.0.15 and then apply Interim Fix [PH21511](<https://www.ibm.com/support/pages/node/6118006> \"PH21511\" ) \n\n\n**For V7.0.0.0 through 7.0.0.45:** \n\u00b7 Upgrade to 7.0.0.45 and then apply Interim Fix [PH21511](<https://www.ibm.com/support/pages/node/6118006> \"PH21511\" ) \n\n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n_WebSphere Application Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. _\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-25T22:53:21", "type": "ibm", "title": "Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-25T22:53:21", "id": "A778665E3A13285610D462BB48B8B364C628140C0274B757D7504580D6201440", "href": "https://www.ibm.com/support/pages/node/6118222", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-05T17:50:03", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWebSphere Enterprise Service Bus| All \nWebSphere Enterprise Service Bus Registry Edition| All \nIBM Business Automation Workflow| 18.0 \n19.0 \nIBM Business Process Manager| 8.6 \nIBM Business Process Manager| 8.5.7 \nIBM Business Process Manager| 8.5.0 \nIBM Business Automation Workflow| 18.0 \nIBM Business Process Manager| 8.0 \nIBM Business Process Manager| 8.5.5 \nIBM Business Process Manager| 8.5 \nIBM Business Process Manager| 8.5.6 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin: [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T15:28:14", "type": "ibm", "title": "Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2022-09-14T15:28:14", "id": "113259207D52BE413F3CAE31F271253A23E845C8A2B64D5637DC8B875CD4F3ED", "href": "https://www.ibm.com/support/pages/node/6120975", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:55:24", "description": "## Summary\n\nThere is a privilege escalation vulnerability in WebSphere Application Server.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nJazz for Service Management| 1.1.3 - 1.1.3.6 \n \n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nJazz for Service Management version 1.1.3 - 1.1.3.6| \n\nWebsphere Application Server Full Profile 8.5.5\n\n| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \n \n## Workarounds and Mitigations\n\nPlease refer to WAS interim fix.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-28T20:55:29", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to Privilege Escalation Vulnerability (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-05-28T20:55:29", "id": "8623F3BCA39750F461E25D38E5D80C77F99E3F53EEDF08FE02CB010C7347CEA3", "href": "https://www.ibm.com/support/pages/node/6209681", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:04:22", "description": "The IBM WebSphere Application Server running on the remote host is version 8.5.x prior to 8.5.5.18. It is, therefore, affected by a server-side request forgery vulnerability. An authenticated, remote attacker can exploit this, by sending a specially crafted request, to obtain sensitive data.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-29T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 8.5.x < 8.5.5.18 Server-side Request Forgery (6209099)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-4365"], "modified": "2020-11-30T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_6209099.NASL", "href": "https://www.tenable.com/plugins/nessus/139065", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139065);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-4365\");\n script_xref(name:\"IAVA\", value:\"2020-A-0254-S\");\n\n script_name(english:\"IBM WebSphere Application Server 8.5.x < 8.5.5.18 Server-side Request Forgery (6209099)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by a server-side request forgery vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is version 8.5.x prior to 8.5.5.18. It is, therefore,\naffected by a server-side request forgery vulnerability. An authenticated, remote attacker can exploit this, by sending\na specially crafted request, to obtain sensitive data.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/6209099\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM WebSphere Application Server 8.5.5.18, or later. Alternatively, upgrade to the minimal fix pack level\nrequired by the interim fix and then apply Interim Fix PH23638.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-4365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PH23638';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PH23638' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n { 'min_version' : '8.5.0.0', 'max_version' : '8.5.5.17', 'fixed_version' : '8.5.5.18 or ' + fix }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:34", "description": "The IBM WebSphere Application Server running on the remote host is version 7.0.x prior or equal to 7.0.0.45, 8.0.x prior or equal to 8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.3 It is, therefore, affected by aa denial of service vulnerability. An unauthenticated remote attacker can exploit this by using a specially crafted request to cause the system to stop responding.", "cvss3": {}, "published": "2020-02-07T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server Denial of Service (CVE-2019-4720)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-4720"], "modified": "2020-11-30T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_CVE-2019-4720.NASL", "href": "https://www.tenable.com/plugins/nessus/133529", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133529);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2019-4720\");\n\n script_name(english:\"IBM WebSphere Application Server Denial of Service (CVE-2019-4720)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by an information disclosure vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is version 7.0.x prior or equal to 7.0.0.45, 8.0.x \nprior or equal to 8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.3 It is, therefore, affected by\naa denial of service vulnerability. An unauthenticated remote attacker can exploit this by using a specially crafted \nrequest to cause the system to stop responding.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://exchange.xforce.ibmcloud.com/vulnerabilities/172125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/1285372\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM WebSphere Application Server 8.5.5.18, 9.0.5.3, or\nlater. Alternatively, upgrade to the minimal fix pack levels required\nby the interim fix and then apply Interim Fix PH19528.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-4720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PH19528';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PH19528' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n {'min_version':'7.0.0.0', 'max_version':'7.0.0.45', 'fixed_version':'7.0.0.45 and '+fix},\n {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_version':'8.0.0.15 and ' + fix},\n {'min_version':'8.5.5.0', 'fixed_version':'8.5.5.18', 'fixed_display':'8.5.5.18 or ' + fix},\n {'min_version':'9.0.0.0', 'fixed_version':'9.0.5.3', 'fixed_display':'9.0.5.3 or ' + fix}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:31", "description": "The IBM WebSphere Application Server running on the remote host is version 8.0.0.0 through 8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.5. It is, therefore, affected by a server-side request forgery vulnerability due to improper input validation by the xlink:href attributes. An unauthenticated, remote attacker can exploit this to cause the underlying server to make arbitrary GET requests.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-30T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 SSRF (CVE-2019-17566)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17566"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_6322683.NASL", "href": "https://www.tenable.com/plugins/nessus/142059", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142059);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-17566\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"IBM WebSphere Application Server 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 SSRF (CVE-2019-17566)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by a server-side request forgery vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is version 8.0.0.0 through 8.0.0.15, 8.5.0.x prior to\n8.5.5.18, or 9.0.x prior to 9.0.5.5. It is, therefore, affected by a server-side request forgery vulnerability due to\nimproper input validation by the xlink:href attributes. An unauthenticated, remote attacker can exploit this to cause\nthe underlying server to make arbitrary GET requests.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/6322683\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM WebSphere Application Server 8.5.5.18, 9.0.5.5, or later. Alternatively, upgrade to the minimal fix pack\nlevels required by the interim fix and then apply Interim Fix PH26761.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PH26761';\n\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PH26761' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_display':fix},\n {'min_version':'8.5.0.0', 'max_version':'8.5.5.17', 'fixed_display':'8.5.5.18 or ' + fix},\n {'min_version':'9.0.0.0', 'max_version':'9.0.5.4', 'fixed_display':'9.0.5.5 or ' + fix}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:36", "description": "This update for xmlgraphics-batik fixes the following issues :\n\n - CVE-2019-17566: Fixed a SSRF which might have allowed the underlying server to make arbitrary GET requests (bsc#1172961).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : xmlgraphics-batik (openSUSE-2020-851)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17566"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xmlgraphics-batik", "p-cpe:/a:novell:opensuse:xmlgraphics-batik-demo", "p-cpe:/a:novell:opensuse:xmlgraphics-batik-rasterizer", "p-cpe:/a:novell:opensuse:xmlgraphics-batik-slideshow", "p-cpe:/a:novell:opensuse:xmlgraphics-batik-squiggle", "p-cpe:/a:novell:opensuse:xmlgraphics-batik-svgpp", "p-cpe:/a:novell:opensuse:xmlgraphics-batik-ttf2svg", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-851.NASL", "href": "https://www.tenable.com/plugins/nessus/138698", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-851.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138698);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-17566\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"openSUSE Security Update : xmlgraphics-batik (openSUSE-2020-851)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for xmlgraphics-batik fixes the following issues :\n\n - CVE-2019-17566: Fixed a SSRF which might have allowed\n the underlying server to make arbitrary GET requests\n (bsc#1172961).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172961\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xmlgraphics-batik packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xmlgraphics-batik\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xmlgraphics-batik-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xmlgraphics-batik-rasterizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xmlgraphics-batik-slideshow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xmlgraphics-batik-squiggle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xmlgraphics-batik-svgpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xmlgraphics-batik-ttf2svg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xmlgraphics-batik-1.9-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xmlgraphics-batik-demo-1.9-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xmlgraphics-batik-rasterizer-1.9-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xmlgraphics-batik-slideshow-1.9-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xmlgraphics-batik-squiggle-1.9-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xmlgraphics-batik-svgpp-1.9-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xmlgraphics-batik-ttf2svg-1.9-lp151.6.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xmlgraphics-batik / xmlgraphics-batik-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:13", "description": "A privilege escalation vulnerability exists in IBM WebSphere Application Server 7.0.0.0 through 7.0.0.45, 8.0.0.0 through 8.0.0.15, 8.5.0.0 through 8.5.5.17, 9.0.0.0 through 9.0.5.3 when using token-based authentication in an admin request over the SOAP connector. An authenticated, remote attacker can exploit this to gain higher privileges on the system.", "cvss3": {}, "published": "2020-04-17T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.17 / 9.0.0.0 <= 9.0.5.3 Privilege Escalation (CVE-2020-4362)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-4362"], "modified": "2020-11-30T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_CVE-2020-4362.NASL", "href": "https://www.tenable.com/plugins/nessus/135702", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135702);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-4362\");\n script_xref(name:\"IAVA\", value:\"2020-A-0161-S\");\n\n script_name(english:\"IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.17 / 9.0.0.0 <= 9.0.5.3 Privilege Escalation (CVE-2020-4362)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by a Privilege Escalation vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"A privilege escalation vulnerability exists in IBM WebSphere Application Server 7.0.0.0 through 7.0.0.45, 8.0.0.0 through\n8.0.0.15, 8.5.0.0 through 8.5.5.17, 9.0.0.0 through 9.0.5.3 when using token-based authentication in an admin request over\nthe SOAP connector. An authenticated, remote attacker can exploit this to gain higher privileges on the system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://exchange.xforce.ibmcloud.com/vulnerabilities/178929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/6174417\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the Fix Pack recommended in the vendor advisory. Alternatively, upgrade to the minimal fix pack levels required\nby the interim fix and then apply Interim Fix PH23853.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-4362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PH23853';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PH23853' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n {'min_version':'7.0.0.0', 'max_version':'7.0.0.45', 'fixed_version':'7.0.0.45 ' + fix},\n {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_version':'8.0.0.15 ' + fix},\n {'min_version':'8.5.0.0', 'max_version':'8.5.5.17', 'fixed_version':'8.5.5.17 ' + fix + ' or 8.5.5.18'},\n {'min_version':'9.0.0.0', 'max_version':'9.0.5.3', 'fixed_version':'9.0.5.3 ' + fix + ' or 9.0.5.4'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:13", "description": "The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.45, 8.0.0.0 through 8.0.0.15, 8.5.0.0 through 8.5.5.17, or 9.0.0.0 through 9.0.5.4. It is, therefore, affected by a remote code execution vulnerability. An authenticated, remote attacker can exploit this to execute arbitrary code on a system with a specially crafted sequence of serialized objects over the SOAP connector.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-23T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 RCE (6250059)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-4464"], "modified": "2020-11-30T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_6250059.NASL", "href": "https://www.tenable.com/plugins/nessus/138878", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138878);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-4464\");\n script_xref(name:\"IAVA\", value:\"2020-A-0333-S\");\n\n script_name(english:\"IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 RCE (6250059)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.45, 8.0.0.0 through\n8.0.0.15, 8.5.0.0 through 8.5.5.17, or 9.0.0.0 through 9.0.5.4. It is, therefore, affected by a remote code execution\nvulnerability. An authenticated, remote attacker can exploit this to execute arbitrary code on a system with a specially\ncrafted sequence of serialized objects over the SOAP connector.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/6250059\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM WebSphere Application Server 8.5.5.18, 9.0.5.5, or later. Alternatively, upgrade to the minimal fix pack\nlevels required by the interim fix and then apply Interim Fix PH26952.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-4464\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PH26952';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PH26952' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n {'min_version' : '7.0.0.0', 'max_version' : '7.0.0.45', 'fixed_version' : fix},\n {'min_version' : '8.0.0.0', 'max_version' : '8.0.0.15', 'fixed_version' : fix},\n {'min_version' : '8.5.0.0', 'max_version' : '8.5.5.17', 'fixed_version' : '8.5.5.18 or ' + fix},\n {'min_version' : '9.0.0.0', 'max_version' : '9.0.5.4', 'fixed_version' : '9.0.5.5 or ' + fix}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:05", "description": "The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.45, 8.0.0.0 through 8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.4. It is, therefore, affected by a privilege escalation vulnerability. The vulnerability exists in IBM WebSphere Application Server due to an unspecified reason. An authenticated, remote attacker can exploit this, via token-based authentication in an admin request over the SOAP connector, to gain privileged access to the system.", "cvss3": {}, "published": "2020-04-02T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.4 Privilege Escalation (CVE-2020-4276)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-4276"], "modified": "2020-11-30T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_CVE-2020-4276.NASL", "href": "https://www.tenable.com/plugins/nessus/135180", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135180);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-4276\");\n\n script_name(english:\"IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.4 Privilege Escalation (CVE-2020-4276)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by a privilege escalation vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.45, 8.0.0.0 through\n8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.4. It is, therefore, affected by a privilege escalation\nvulnerability. The vulnerability exists in IBM WebSphere Application Server due to an unspecified reason. An\nauthenticated, remote attacker can exploit this, via token-based authentication in an admin request over the SOAP\nconnector, to gain privileged access to the system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://exchange.xforce.ibmcloud.com/vulnerabilities/175984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/6118222\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM WebSphere Application Server 8.5.5.18, 9.0.5.4, or later. Alternatively, upgrade to the minimal fix pack\nlevels required by the interim fix and then apply Interim Fix PH21511.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-4276\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PH21511';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PH21511' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n {'min_version':'7.0.0.0', 'max_version':'7.0.0.45', 'fixed_version':fix},\n {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_version':fix},\n {'min_version':'8.5.0.0', 'max_version':'8.5.5.17', 'fixed_version':'8.5.5.18 or ' + fix},\n {'min_version':'9.0.0.0', 'max_version':'9.0.5.3', 'fixed_version':'9.0.5.4 or ' + fix}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-06-05T15:14:31", "description": "IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-14T16:15:00", "type": "cve", "title": "CVE-2020-4365", "cwe": ["CWE-918"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-15T16:21:00", "cpe": ["cpe:/a:ibm:websphere_application_server:8.5.5.17"], "id": "CVE-2020-4365", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4365", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-05T14:42:14", "description": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-31T16:15:00", "type": "cve", "title": "CVE-2019-4720", "cwe": ["CWE-770"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:ibm:websphere_application_server:9.0.5.2", "cpe:/a:ibm:websphere_application_server:8.0.0.15", "cpe:/a:ibm:websphere_application_server:8.5.5.17", "cpe:/a:ibm:websphere_application_server:7.0.0.45"], "id": "CVE-2019-4720", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4720", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:8.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:9.0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:9.0.5.2:*:*:*:hypervisor:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-05T14:28:05", "description": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2019-17566", "cwe": ["CWE-918"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2022-12-06T21:18:00", "cpe": ["cpe:/a:oracle:retail_order_broker:15.0", "cpe:/a:oracle:retail_order_broker:16.0", "cpe:/a:oracle:hyperion_financial_reporting:11.2.5.0", "cpe:/a:oracle:instantis_enterprisetrack:17.3", "cpe:/a:oracle:communications_offline_mediation_controller:12.0.0.3.0", "cpe:/a:oracle:retail_point-of-service:14.1", "cpe:/a:oracle:retail_order_management_system_cloud_service:19.5", "cpe:/a:oracle:api_gateway:11.1.2.4.0", "cpe:/a:oracle:business_intelligence:5.5.0.0.0", "cpe:/a:oracle:fusion_middleware_mapviewer:12.2.1.4.0", "cpe:/a:oracle:business_intelligence:12.2.1.3.0", "cpe:/a:oracle:hyperion_financial_reporting:11.1.2.4", "cpe:/a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2", "cpe:/a:oracle:retail_returns_management:14.1", "cpe:/a:oracle:hospitality_opera_5:5.6", "cpe:/a:oracle:communications_application_session_controller:3.9m0p2", "cpe:/a:oracle:financial_services_analytical_applications_infrastructure:8.1.0", "cpe:/a:oracle:retail_integration_bus:15.0.3", "cpe:/a:oracle:communications_metasolv_solution:6.3.1", "cpe:/a:oracle:enterprise_repository:11.1.1.7.0", "cpe:/a:oracle:business_intelligence:5.9.0.0.0", "cpe:/a:oracle:business_intelligence:12.2.1.4.0", "cpe:/a:oracle:hospitality_opera_5:5.5"], "id": "CVE-2019-17566", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17566", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:retail_order_management_system_cloud_service:19.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hyperion_financial_reporting:11.2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-05T15:14:33", "description": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T14:15:00", "type": "cve", "title": "CVE-2020-4362", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:ibm:websphere_application_server:8.5.5.17", "cpe:/a:ibm:websphere_application_server:8.0.0.15", "cpe:/a:ibm:websphere_application_server:9.0.5.3", "cpe:/a:ibm:websphere_application_server:7.0.0.45"], "id": "CVE-2020-4362", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4362", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.15:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-05T15:14:40", "description": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-17T14:15:00", "type": "cve", "title": "CVE-2020-4464", "cwe": ["CWE-502"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-07-22T20:16:00", "cpe": ["cpe:/a:ibm:websphere_application_server:8.5.5.17", "cpe:/a:ibm:websphere_application_server:8.0.0.15", "cpe:/a:ibm:websphere_application_server:7.0.0.45", "cpe:/a:ibm:websphere_application_server:9.0.5.4"], "id": "CVE-2020-4464", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4464", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:9.0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.15:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-05T15:14:20", "description": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-26T14:15:00", "type": "cve", "title": "CVE-2020-4276", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:ibm:websphere_application_server:8.5.5.17", "cpe:/a:ibm:websphere_application_server:8.0.0.15", "cpe:/a:ibm:websphere_application_server:9.0.5.3", "cpe:/a:ibm:websphere_application_server:7.0.0.45"], "id": "CVE-2020-4276", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4276", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.15:*:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2022-11-08T04:09:41", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for xmlgraphics-batik fixes the following issues:\n\n - CVE-2019-17566: Fixed a SSRF which might have allowed the underlying\n server to make arbitrary GET requests (bsc#1172961).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n This update was imported from the openSUSE:Leap:15.1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP1:\n\n zypper in -t patch openSUSE-2020-1043=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-23T00:00:00", "type": "suse", "title": "Security update for xmlgraphics-batik (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-07-23T00:00:00", "id": "OPENSUSE-SU-2020:1043-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JIOZHMTGG4ETJEMBNIT3YKEQUXO3JNEJ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-11-10T08:11:00", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for xmlgraphics-batik fixes the following issues:\n\n - CVE-2019-17566: Fixed a SSRF which might have allowed the underlying\n server to make arbitrary GET requests (bsc#1172961).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-851=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-23T00:00:00", "type": "suse", "title": "Security update for xmlgraphics-batik (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-06-23T00:00:00", "id": "OPENSUSE-SU-2020:0851-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H26W7GQ5JCRMNMV6QRWEGLVRZVIXK3RB/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2020-06-25T13:30:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-23T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for xmlgraphics-batik (openSUSE-SU-2020:0851-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17566"], "modified": "2020-06-24T00:00:00", "id": "OPENVAS:1361412562310853223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853223", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853223\");\n script_version(\"2020-06-24T03:42:18+0000\");\n script_cve_id(\"CVE-2019-17566\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-24 03:42:18 +0000 (Wed, 24 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-23 03:00:55 +0000 (Tue, 23 Jun 2020)\");\n script_name(\"openSUSE: Security Advisory for xmlgraphics-batik (openSUSE-SU-2020:0851-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0851-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00042.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xmlgraphics-batik'\n package(s) announced via the openSUSE-SU-2020:0851-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xmlgraphics-batik fixes the following issues:\n\n - CVE-2019-17566: Fixed a SSRF which might have allowed the underlying\n server to make arbitrary GET requests (bsc#1172961).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-851=1\");\n\n script_tag(name:\"affected\", value:\"'xmlgraphics-batik' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xmlgraphics-batik\", rpm:\"xmlgraphics-batik~1.9~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xmlgraphics-batik-demo\", rpm:\"xmlgraphics-batik-demo~1.9~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xmlgraphics-batik-rasterizer\", rpm:\"xmlgraphics-batik-rasterizer~1.9~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xmlgraphics-batik-slideshow\", rpm:\"xmlgraphics-batik-slideshow~1.9~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xmlgraphics-batik-squiggle\", rpm:\"xmlgraphics-batik-squiggle~1.9~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xmlgraphics-batik-svgpp\", rpm:\"xmlgraphics-batik-svgpp~1.9~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xmlgraphics-batik-ttf2svg\", rpm:\"xmlgraphics-batik-ttf2svg~1.9~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2023-03-28T05:46:32", "description": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-09T00:46:46", "type": "osv", "title": "Server-side request forgery (SSRF) in Apache Batik", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2023-03-28T05:46:29", "id": "OSV:GHSA-CMX4-P4V5-HMR5", "href": "https://osv.dev/vulnerability/GHSA-cmx4-p4v5-hmr5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "veracode": [{"lastseen": "2023-04-18T12:32:07", "description": "batik-svgrasterizer is vulnerable to server side request forgery (SSRF). It is possible as it does not prevent an attacker to make malicious GET requests on behalf of the server through the use of `xlink:href`attributes which allows access to internal resources.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-16T09:19:33", "type": "veracode", "title": "Server-side Request Forgery (SSRF)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2022-12-06T23:18:30", "id": "VERACODE:25693", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-25693/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2023-06-05T13:35:26", "description": "Apache Batik is vulnerable to server-side request forgery, caused by\nimproper input validation by the \"xlink:href\" attributes. By using a\nspecially-crafted argument, an attacker could exploit this vulnerability to\ncause the underlying server to make arbitrary GET requests.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-12T00:00:00", "type": "ubuntucve", "title": "CVE-2019-17566", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-11-12T00:00:00", "id": "UB:CVE-2019-17566", "href": "https://ubuntu.com/security/CVE-2019-17566", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "github": [{"lastseen": "2023-06-05T14:38:51", "description": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-09T00:46:46", "type": "github", "title": "Server-side request forgery (SSRF) in Apache Batik", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2023-01-27T05:02:26", "id": "GHSA-CMX4-P4V5-HMR5", "href": "https://github.com/advisories/GHSA-cmx4-p4v5-hmr5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2023-06-05T14:31:38", "description": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-12T18:15:00", "type": "debiancve", "title": "CVE-2019-17566", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2020-11-12T18:15:00", "id": "DEBIANCVE:CVE-2019-17566", "href": "https://security-tracker.debian.org/tracker/CVE-2019-17566", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "redhatcve": [{"lastseen": "2023-06-05T15:47:00", "description": "A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via \"xlink:href\" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-18T15:55:19", "type": "redhatcve", "title": "CVE-2019-17566", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566"], "modified": "2023-04-06T06:07:06", "id": "RH:CVE-2019-17566", "href": "https://access.redhat.com/security/cve/cve-2019-17566", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "zdi": [{"lastseen": "2023-06-05T15:56:49", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-20T00:00:00", "type": "zdi", "title": "IBM WebSphere Application Server SOAP Deserialization of Untrusted Data Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4464"], "modified": "2020-07-20T00:00:00", "id": "ZDI-20-878", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-878/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}