DATABASE RESOURCES PRICING ABOUT US

{"id": "DD1E4FBBDF4FA000EDF2E286A05EA634208DB4377C6B455CD048AACE3C0B8023", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Federated Identity Manager| All \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s)| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Federated Identity Manager. ALL versions| WAS is vulnerable to a DOS \nWAS traditional versions 9.0, 8.5, 8.0 and 7.0 \nWAS liberty| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service(CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service\\(CVE-2019-4720\\)\" ) \nIBM Tivoli Federated Identity Manager. ALL versions | \n\nWAS 9.0, 8.5, 8.0 and 7.0\n\n| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to command execution vulnerability(CVE-2020-4163) \n](<https://www.ibm.com/support/pages/node/1288786> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" )[ \n](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS traditional versions 9.0, 8.5, 8.0 and 7.0\n\n| \n\n[Security Bulletin: IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability \\(CVE-2020-4276\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS traditional versions 9.0, 8.5, 8.0 and 7.0\n\n| \n\n[Security Bulletin: WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability(CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability\\(CVE-2020-4362\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS traditional versions 9.0, 8.5\n\n| \n\n[Security Bulletin:WebSphere Application Server traditional is vulnerable to a Remote Command Execution vulnerability.(CVE-2020-4450)](<https://www.ibm.com/support/pages/node/6220294> \"Security Bulletin:WebSphere Application Server traditional is vulnerable to a Remote Command Execution vulnerability.\\(CVE-2020-4450\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS ND traditional 8.5 and 9.0\n\nWebSphere Virtual Enterprise Edition V7.0 and V8.0\n\n| \n\n[Security Bulletin:Remote code execution vulnerability in WebSphere Application Server ND(CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Security Bulletin:Remote code execution vulnerability in WebSphere Application Server ND\\(CVE-2020-4448\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS 9.0, 8.5, 8.0 and 7.0\n\nWAS liberty\n\n| \n\n[Security Bulletin:Information disclosure in WebSphere Application Server(CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin:Information disclosure in WebSphere Application Server\\(CVE-2020-4329\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS traditional 7.0, 8.0, 8.5 and 9.0\n\n| \n\n[Security Bulletin:WebSphere Application Server traditional is vulnerable to a Information Disclosure vulnerability(CVE-2020-4449)](<https://www.ibm.com/support/pages/node/6220296> \"Security Bulletin:WebSphere Application Server traditional is vulnerable to a Information Disclosure vulnerability\\(CVE-2020-4449\\)\" ) \n \nIBM Tivoli Federated Identity Manager. ALL versions\n\n| \n\nWAS traditional version 8.5\n\n| \n\n[Security Bulletin:WebSphere Application Server traditional is vulnerable to a server-side request forgery vulnerability(CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin:WebSphere Application Server traditional is vulnerable to a server-side request forgery vulnerability\\(CVE-2020-4365\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2020-08-25T23:55:00", "modified": "2020-08-25T23:55:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/6322705", "reporter": "IBM", "references": [], "cvelist": ["CVE-2019-4720", "CVE-2020-4163", "CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4362", "CVE-2020-4365", "CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450"], "immutableFields": [], "lastseen": "2023-02-27T21:51:44", "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-4720", "CVE-2020-4163", "CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4362", "CVE-2020-4365", "CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450"]}, {"type": "githubexploit", "idList": ["91A6DEF1-A9B3-5679-A098-B3DDA3AB5069"]}, {"type": "ibm", "idList": ["0027B7BC4A216055C44EF0230C4FAABC4052A1FB375CF00355DF972110230701", "024E433C6FEE904C3C81C7AAF68960B1E6AE1265F3D8A2E4691310AC6F6E0490", "0266AA0398843DB73372101AB68C82ECBCD4CF436F5F4E2E3977DA1F1922978F", "02FD10030B8366010758D75673B2286A0CD064A8561853F6F314CF7B7BC8B298", "036EA0A600E846F6A02DD17117A50C0F70F9BAD404250267597F62555F45EA04", "03A21E2CEB2AE80B0CB3845788EE2C252B219A2161281A588F3A3FABD346F890", "04ABBB708923892B731E5E85494310295FECB96BEABA340DE48D8A568440E716", "060D3FC79AEC6F245510B1C6DC4349BA6ECD4B42B6857BA70D63BB7D9BF14A10", "0676DC64D9FAAA5543CCE97F95B289A6DF997F20DD2C5C84724916098603BA58", "089B564037CD6CBF124F570A0074A8E6C37E90240BCF8C5297D2EBD444E34F18", "09C6ACF80628EF8C73E427E1D21F5A5A497D751BEB43E7A41354136EC7AE4215", "0A31F68DB301963B3E6B50623943B534F8703E61281AC8C52E4912E862DB85CE", "0C038CDA732599FB8473E4736C402F52CBD3370BA675CF3442AFF74015BC86F7", "0DD7AF43DE97763E0D93D1D019F9D4F482815C909438E3FDD9E285D6B2ED40B7", "0E85F055F69C36F1AFCDA9AA4C7476B24B7826864D94024DCA43C8F828A3D547", "0E954BE815796B26C7D4ABE2BCCC21DC5663BE0814B4E5F3C1EFE68319DD65E2", "0F7411C38D450D0D17C9E0514668E2F096EAD5FA2260C48F544A9D0EC99938E3", "104E5358C09C4A12262672713C06CC3321584D57C3884021EB6B32EED2C9E8BC", "10AC97834DAC039582C75FE207180DB11E7A075EC391F2F7FF265F504F9EFBD0", "113259207D52BE413F3CAE31F271253A23E845C8A2B64D5637DC8B875CD4F3ED", "1253187CB975635D45D54CED51835E24ED8D38334E8F956710D4AF60E30CCE34", "126E1024546918D07264839DD88F2FF75D58789A0F611D0689966886112B533B", "136047FB9A6CC775B21ED950DA844DE6E617DDB6DC4A2EFBDB0E599871DD5A00", "13C40A6CBE05F1EBC98A3343C46231D7A4A26A1F59A30B9A4442C8D192AAF443", "14082B1B5D41B7616A5E295FA25DD7F0E1BAF096180976605B25CBAB04D957BC", "142B1BA6B62A94740D651FE3E4D0F0F6D477022D6F17F392FBFC30D1D4D904E2", "154976217130EF4C017061ED199482E4956FF91CB6AF94EDCB8B76B1BB6C9BD1", "156A3B35248A902A31520E1E26268024D08ACAADA592F6B7B992C4E70D76ED8B", "1789DD677115A931C8718DBD3105CB40D233231B07926E1BCDDA0E9CBB32C539", "18E621F0F891502EC45DDC6B89E0902CD622A378988F5BDBAD2142AD1B50C8D6", "1A83FDA14B5CED0965592F785AAD417C5A928E04B37BDA766D24AAC82252D6FF", "1A86238F7F143F1D2CDCAF13A7A5121E2734C20B015C44303B08AB3756ADAA1C", "1BFA2107A83F5EBB50F2D9856A4BF86EC74B8639416128FD821C1E4667C6C885", "1C0D8FC2A9F7C68A34516E16D0E30997245D9487C0AA3C2F80109E35400A48A6", "1C1678518312F18585D48228E2C4D89CBF458CAF1277708839EA38E32D0F11E3", "1CA5EFFF48503220FA8729D288342161A3477C54DF435407E3869B260531E400", "1D175F9C9806A85668A040BF3EFE408975FAD5D82ADCF7E6B3A57BDC6C5B6AE8", "1E76E66757B905D512C740D322950D737203ECF98B0EBD0F9C376F0820E1BE47", "20275B53B0179711A539FCD72C61DE61752A9F0A0950F1CD32E564B47C4B4B5D", "208BB8226406B64EC592EADCAEA6E1394348CB78C55701615E907905A6E4D5B4", "20FC8D083652BD9620AA16329F2B0D169CF687E1B0F904A9AC013C7517AD365E", "21A78502CF868CEFFA6DC5C776E16EE0EDF33BAA9E7F3DE611912CC218BF6C9D", "246DDD1D57B18760EE4043AA129693F2498DBCACE4CD31898F949828ABE88FE7", "24C171D2EBFBD69CF6AEEFB17FADCB6350B347E61036097EF3A9343C6459084D", "25CD6FE340F22514220FD6473DC911FECCFC9E40EE608FECC7A422AEEE34ECB9", "26289C49F8A28DA67CE8E88E0B6A5EF7DA86BB2689654E94DAF730B00BC2CF30", "264C02DB84560D43F15B55FC00827F64C8C799EB4813FAD5C111008C8E131691", "26DE322353839A2A6A6FF55B4A4D68A25274B1E4BB334E19FC968FC6A13A9983", "276311EA26EA41FBAE81DFB3042788416A0F2799192780CD6BCD5F7081C47F5C", "280F22C59D289D09BF95C27BCBD4E75FDD23E4CB97EDC3D26F891DF09095112C", "28D67D71E0A49DA748DAB4271A51D4BF6E47E878D9BDB0D0C2EC8FAA318386B3", "28F8FE772F7744066E89072F94BE119B652D05DADA694784B7CCD72965C551F7", "2914FEBDB9C3A10FF959653391FD46E5CE5D8149716AA8E5F6A4586D4EF64561", "2A65FC125DA729940F7D04409677484F9FC90234EBEC407C2CC3CBD042F7D26C", "2D5B7158FA969D9DB99CFE9C3918468CFAEA69A5941EF226D21A49DEA14EA206", "3025667363AA4FD0A84EA6FC4AC56CB4074FA1571D208441ACE2404576480801", "3145AF0C5406567F174CE24AB15ECCCBF1EDAC271CA314F0505020DA0354DFD8", "322B01DE222750C7DF4CF590663CF3B36A1750FAC696257EDFC9883D18F41115", "3232C7B9E70E383B5AE09D73906270A291B31B182E495602F14B552D84A46882", "328F3B5328548A036396C2A723E81D2154BAE6EA812619A9CD695E9344ED0E3C", "35A8B908BE6A907E21280C68DBD7C12DD15E7AF64D1204CD2C6EEC2776BC0030", "364859E66DF5396F2476DBDBA860D2F346C5976AAFDF667EE1708BBC1B8C4F1A", "378BE0AE9115556839B6838DD143454A31F920F6E06B153C6C912D736A8A5E6B", "38196E5969E3832D5283656E865BC6AC8E6148796AD06026B314C2AFB93E932C", "3B6FFA1802620B3837E9241495B519A902FD546289DECADF7240559B78CE4CDA", "3BEB441D10779A1942BF02B10D6A1555A8433CFB0B2D08C01720323538A45578", "3D04811CD7C9B337157F4E06A7E1B2584D270E7E69B726B8521CEEE31E88AF6A", "3E9E58CB133C398A1E07C6770AAE40040AA7AC2816C667CD2848FFBE982ACCBD", "3EB3BF74918A901EA4F933E03D07337CB06D7655EF279D7C9611B674A07D5DE0", "3F0DB6A6B43161E807AC17CE719A18BD26C81F3134F4959AA51E211376F74BD1", "3FB4899A3FB4C7FAB480D72B8D89C0F7ADBEBEFD1C82260C0DDD1186FCFD1DB8", "43889098AF27B56E1AAC2C0ADC87D15751A2B0CCE3BF25260E32BBE3CCA7CE93", "43DA011A37CE03FA64B094E9F5770A93BEF6CF43E03F703E6569EEA76986A4F8", "44307B44119A69F2A7E2E3CC5B1FD7B80E121C1C95887759C5496379420C526E", "44783FBE5A56631F824B0BD81DD9283D986371A072B0452A51C478BF8C46E0FD", "44F8F51D369D3F744AF193AB2E497189282F22F94B8B3424EA2B099B5580CD94", "451F72C42C9FA5B3638C6F2233F910FC635FE2A09DB2B0F71474AE8603F61D92", "467CF97BCB360927DBFFE98B67B787639BE1F772AB145EC498B8B01C4AC15F2C", "4689229757FEEE3157DB50BBAA82DD9376C6E8034EFA62377E0F8FD1D5AAF35A", "46A70A5DCC82B9F0BE8D09EF31A748079C7C3F6ACC5769FC8CF7E487AB1D0EA9", "47274321AA3430917FC9FF88F99229CD7614CD6268ABCD535250486839A8D636", "47377382FB42339D4CE97A4452C254F07E69CAE5413DDD356B24FAAA26841F46", "476B017015C7BC4F8F39C2B41A3D687C1FD9E58B44A524C0A4CF05B7ED875145", "479E27B6C804748037AC1A6C1F595E1997742C2106CC3FBAF31ACC193F934F11", "491347999EF4690C54EC87433EDC5E1191F7E4125190BB83A233E670265F9D9C", "4A7EF571EEA2A8213F4692C6ECE597377F0A591F1BCAAE249C6384ADA74DAE91", "4B303BD1E70F5C5D6265972A63E7AF0B73ADFA56F9F541F460E19551881BDE11", "4B9B5973ECB6BF9D964D666AB84A86D0BE4913C96B2CD56E503C78B2893FB8AA", "4BEC8E9463E4B27C09D4E3ECF5C98A9E0D6D193C06E6EFC3DEDB9F41368D7DC0", "4BFA3A2F692D8FC8DE4F07BCA56AA58679411D74D1AC3CD28957EF6A817C1264", "4C530226C2C82FCA90A29F26A05A9D0BF640534450027EDE7596BB30563A3845", "4CFD829FC5689C830F733DAAFC137E197362F6BE4BEBE94E8E13BF7B2EF0B11E", "4EAC46D04DC53B6501531C20FE7AAE74EC10E0BBF2695B39FF14221C456CE337", "4EEA40866A50FD47B88CDEDFE5D4501E3C595A076C9874F03873B7D7BEC2B0F8", "4EFC1C9A82D1F1C1CD8083DFC2150E3CE56082C5F1AC6970481FBD1FD6B53E24", "4F2D82A4F724C8AC105424E03F5FBC319EFED1ECC4C4FC502E3EE79470EB24D9", "517947F6F9BA3A7F69C71293E6B1F34569BA9AD760E0C3D2D7E40E021D778F2B", "51C64898345F327DD93881C52DC0BCDB22915CDD412C72A65BE394B7A650FE83", "51D185DB29AE6E4FAD71119D872DA0F52814A6C17A59AD1AF9B79D0668C33FBB", "53C2D6108C86A009E8DF79B01F3AB09612F1229287BA2C61D59C07370C06173A", "5479016BAA7B0A616F29476084C644D02FF1C17434D291A25C27197950291C6D", "5491D85BA33DE0761105068854D2FE27A2EC84B392A8DD5650C0C42EE652D13F", "54E686FBB2E60A0BDEAB59EFECEB36D61C77A784661FD44124BD8864158EE317", "567625FF8DF333D5C563E40EDFFF9516FF13EA40EAFE9A2E68635850284A1A44", "574FC031AF9B64FDFC8B0BF65E22355456EDFA4CF1ECE74E592CA6972407F30F", "583B4EC604B94C469C4DE44FF99FFC90AB1BE9C2A84ECBEDB90D7CDD5FE2E8CA", "5918C016B20B5ACA60A7D119FD2C32C94F0627AB911B7E60826658D357145A38", "5A5125925EBA02E1F8D635FF8A050A4D44668622DA9EECE18E8D3B2742917CD2", "5B1CAC420B37804647C541FAC183826F2E21797B0700F6651A1152500668559E", "5CCD6848CD0AF24F2989DD5C2CECF36D94FA0B0D4C7812A8B2EBD86628748485", "5D8C40983A1BCB78D36B7DF2374D6AE029F0F4282200D955A0BBA8DB40749562", "5ED570DDC2DC18EDBE3A6F896450F75892C392B6E12D967BD6C8F6E5EB0809E5", "5F3403ED8D02DAA10FBA538CB4DCF56BD8B109CAED21CA46B345AAC79FF9F20F", "5F827A68A711CEA645DB4E8B8A1F2EC175FE5BA3EBC226822052C0EC397FEFD2", "602F7DC12145A4C85D2027947D4108B54FAD7C292FC222DA0A6A2CF4FAF28D0E", "6079493219A5CD126F67C75B3C09C5C1FFB49FA42B2B03A1539A4146413F8909", "6081C063A4E9E732CE9C73EECD35397CC24D23284D3B3023EE530CBF55170002", "61C3F15886364FC22D270B27228FD5FA37CCAE5CB24408C225EC21FF0A7ECDF1", "6319DF1B256EC58709172407AF4A25DE3588354F1CDF0FE760752C81DC6DA075", "6410928DCC3EE6210B8A931144F99FB7E61A416419C565D2F9FB4B7FD8B6C313", "6460D41996E43CB75276902519E15745959E2FFD675E2119EAA294B305A37593", "6558AFEB72F9052A7DDC452902F768EE59867F40CAC6B3E8ADA809260B835C7C", "65AC33072AF8ABBAA1E90D22A6164663D0FCF7967CC7051A7C6B601CEA97BF53", "67146E2A524C8FB5A1DFD73F1DB4911AAB49B852B996D26C9FDC1C6AD38C7259", "67346E7CF572D0FD43CBE4D97B778DE1015A3DCC028A4479108AEC62026B45CA", "693658DCE0F371748D69D63EAD5B48AAC0350649F64CFEB925F5CA6BD3E2A97C", "6A0D9421C284C29C699BD48273C99B57CF4E764A76760B5A163F68BA4E03AA6F", "6A4BBC92633A5E34B48E1547834611BAAD85CE223FC5369B32BA4F23A5EC9C73", "6A6D3443974438B65979A6338422445099F3CA76DB149428DB7450AB644D4F69", "6AEFF4A1E2CE43A6C28306F76FC53576CD3450EAD0A3066EC2E34BFAACC1BE07", "6AF6A75AB47A85BD264ED489D020A601CD49E58065CEDF72F8DBC129C0B69CAB", "6C0B46071036140AA51372906322730888C9E7399B10A1E9F089A640862B19CC", "6CB3202400B08BDC0F116767070A82B101B1A71C1D2355A079A0BE5E4BEAF9A5", "6DACF9FB79B594FCF38911A2B3FBC297D4B44B6B3E8FCCA3F314CAB99C8A9772", "6E15388FEC4AEF961ACD45CDEA784062121BF39A5E1909E3C780D0C5147A52E5", "6FA137EFE432E9DB974E04AE47D6A29DE89F27AF0B1E37EBA756CFF32ADEDFD7", "70206BCCE747ADF9964BC5AC7DD6EB8D8DAA93482BF8885A9081AAAB7BEAB1D3", "717EA7B7E291CEAF2956470CE508AB38C2BF8E63133D28CF594496671ADDDEE9", "728CEC9E2AADBC1EAECA74EBFC6AF4B992BF257D874B5690F28658D55BBA390F", "72FDC7ACE37453A4C45D6056B76A38DAB964209EA3654296776CF200F9BBCFD0", "757696CF6B25D861147516A0233F27AA8ED63CE44EC3D079E6265FF809DBCB35", "78C2B6E5C31A83184435C2A8259168843232B1DC2676388B86B8ACA77646ECE5", "7979F374F3FDCEE04A52C1F3FD0D3AE9E03E7D120B31CDDD249996436DEBC159", "7BA12B7A2C2BCEE40A55BB21BC529BDB0D9B20B59E6F2983995AF5849503866F", "7CFE4148F2D6B078278A801A14E1C31CDAB42DC22DFFD4805FBEC49FC0427911", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7F64ABD83A792D617A2AF9021224D3891ACD98806409091724BD7F4981A1DEB7", "7F8C5B286D46F7C07594D83B9BEAA8FFE7516BE4B7A585530E218AC7EB0CDC1F", "7F8E6554F6DA398AA724606DE234AF7EF09A532D4299A3D1BE71DF4204B3FCF6", "80F63C4DBA4692F1399B8419C02ECEE29E4B32D85EDDE77D136EB81CBB859B9C", "8275C3B123771E721297381D0F66E5CCB99C5D5EA14F12413C6DF109D950665B", "83F9C2B06C1FB5280024A1116E09AE00874EF5A62A4F6FDDF8BD9E5A20339284", "845034F004D5E87FCBDDBF4DF19CBEEE3865967F212423D2B39A2634A34BBB84", "848E27A2EA9FEF540CDD7C88A02AB6E969B8CC061132FC697DFCD865A950FD05", "84A310ED49DE6752B94CA056CE617FCBEDD44DC4D9D5740C3D037B5256856767", "860573F040C03CC664808FCC2BD448C2ADD9020A5F541F32D1E0724CEC95FF56", "86BC382413D13FEC49BBCF5FC0129F8B83C058E0C0CDD0CFC599911E284C4FA7", "86D81D4FF071D7D46BB506C67EA7CE93C082F0DB66B01AA7474850EEE2C3CBD5", "87C8C87F4B6B5E4949B0BBE1E6C16D7511DCBB8AA384A4558293B4D8FA1143F6", "889AEF340E86A1FF8AE75CD323791BF93186173C5DCEC257F97767066CFAFD1D", "89289E9A98285CD79B0D3F1F025DD0EAA5E6629F7ADF333B9EF34FE380BACA0A", "89889D01EFEB2906CEB101B24500260E255984420DF03BB57D83997D812CEE0A", "8A09593708E8F8CDD4DAA18422BE80FB43480D3CB775D53C90BBA71C59746D94", "8B09AD4AC24D6E8E14D92335F42541805069E1DAE6D86CD1B6260B5FE019BA73", "8C188C0D2A0502498EFDA98119EA020FAB6FAE0E7E28A0DEC0BD7B63D17039AB", "8D6026A8B75A9503806B82A5E863E274DD1C9DBF5E2C681957E38651C3A54051", "8DA236BF190960C2E20C01B1DDE110742EBA0BB278E6174D1B98558B3FE80575", "9081ED85EA10CB575BFD1EB11FA27A662DFAB7101202111CD17F820A9D435CE8", "918EC90267CF1760ED229DE75BD576095419855F5087F191C08D402ADF7504D9", "92632CCF2E5D968091A91A66449BF402408AACCDD70624AA9ACC2E9C6CAE4822", "929D837DD9C3EA90C20AF84418A0A2BB1D61BFBA6F69A8B90EB5479898403F5C", "92DDBBDC460D6543CB9BFE965F63EDA565CCD1EA4CB283723A921DEDE857ACC5", "932925E1037ED82721BC6DC142A9C2642FF0DE1519D1063C1E121B0FF0B92345", "94D98A724C65795259366B27DC62DDCA553E24F05F99EDA4357581E0DC622EB0", "9548F3BD922C19C55E9391D4BACA8EA98682FB5BCA396DD8812365F4C30867A0", "958D3B4A5A0C1FD39CFF6BC608C4A1729951FA8F9C647E5838B8F638A26061A5", "9597A8DA413DEA047F25252B086CCCDA7543FCBC7042D730228D872AF048DEA1", "95A0331F3BEA1EBD0D529E31AA0CFF972F79A25ADF9D95A777B7B0FA5EA42E51", "96131552C11C489EF2F142CAF94550F397BAD1654456F371568AEC0B3C92AE59", "976F919FC290A9CF04D278802234E03FE2D845802AC74A80B70EA7452D3CBBA2", "97CDC805F58A9B1C47D1FD84E32A701014B49D66DDD17B2EC600FE00B246D4A3", "984C658A69722C7E2D34C03CB9FA5EF111C30C21C8A4692FD40619BAD0DA6426", "98753DD5A47155B43FDD85B8F35D8CA58ADD17824EBC1C028635D87D3D94F55C", "99126F9F2548EE2300C741A1541AAF9CD2E67330BBEEA99D1CCE5C23EA09B155", "9BB137A2C15EDDA2FAD8099BF31EC43072DCB5CFA903CDC8CF3248DC677FE923", "9BEFDC7405EFF7F814FBDFC6EB393149CC340D149F755D0B92AEF1023D307A53", "9D7FD6DC3D23B9AA2877CA614CACDB3F15251A647181CE73726134987EBD85F0", "9E1BB215B06E70813889A210BA1C63DEA88480C8704FBDA41B1612E059BF1140", "9F51227A933365BAB4E61C4D1E8695CE3A2CAEAE27CCC9C6EDD242CBF9439834", "9F96BCB8F23184B1109B352C6B12962076F81364ABD4DD5E1245B006FA40B919", "A19C7DB3D10F228B0E192F9FC45BA5C4EA1CC1B39C3D650FC46AC90A6A37E1CD", "A1EFACF2069DC3D9306569DB75291E800141DD6232DEB3E7928DC96CA216C1CC", "A2924B4DE05BD5A9DE02BD29915404543555C0C4AAE9016A5C570D5EE0CB6EA6", "A3C55652F9A1A6B8950F7BED8B0E4416B16DE12D384B96E9E34E2D40FA65D07B", "A462597E864AD65DA6656B7C0FA815E09E3D4D6D1AD26999BA801B825EBD63BC", "A54B2A63BA824E418D670DD4A99A129D46DEC3540C248C5B12354AF043F2F37D", "A5681F729F28C250FF23C2C5EBBDC80244D85B4A5269BFE579C846E02438C673", "A723DDE407BAD02EA174056C8472D7F717073A89A2422790546E09A7047E1824", "A778665E3A13285610D462BB48B8B364C628140C0274B757D7504580D6201440", "A801C0134AF3AE69F120F9758CA8985C815F0984281741FDA5A847A1ACC66AFF", "A82D1FE5C0126C50932D1B8F52EF997BED24F0CF0426B8762283AC62E8F3314F", "A8B1328EDAD509E1D76C6016AE0790BC81F18C61790542709096AA8E663BAEC6", "A8FA0CA82D0B99F83999500658131D63342A6D01F0626378469C4233C286CA4C", "AAB63CA611C91C086C2D2BC4EDEABC95ECFE557C5518B51036200FBBD8C29B34", "AAD609CAA94C916589F4887D6CD5C2416E4F6208E4578B25FA022618187A432A", "AC35051BC6AB9DB1386243B836C6CC6DAF7C75D29A1452FD1D4798752FF0011A", "AC7F6D3F22DB98DE04B543B6A8A38D38661980850F2DAF0547C8339C9D5916A4", "ACBEAC66D4C77E6E0A8CA29C8E2103087D2D4C85F414F793D1FC336B951FB25C", "ACDFCA5E93908C1CC35E54B4EF854ED57BCD6CD2641A3590CD2418E8BCA917EA", "AD39C416EB5696DBABB8F348C24A823CB98337B9E36B23DC91AC6C26EC0E76D4", "AE00FB59C4C5890B5FB641690EEA9F234AE860A6025824F78EBD0F309BF503F1", "AE9FCFFF0398E144DDAD797967457B662931846E8FEE6194A2655AA5B730BCBC", "AF1E7C0E7AEB6A7745DD28859766C9018DBFD2ECD10FE9D39C7EEB35939A2141", "AFDFD85F2CF1D11E09505DD0597E9BCE253A4C4F2F99EBAF3B1A1745134605D2", "B116CA1A16BF0B18FDDCDD97A4F5452B428AAC2A873B08355C3A6BF315B1E56B", "B2614B5F45778F9EE075BE8C3E09C16A3FDF1090E52286416A11A1DD49FBA2F2", "B2A50DF3EC1594620E8A37ADF929CB730D5142281927CA3F2AE3C4F02F910D8B", "B2B33DC1DCAEC07D9F9164E0AD1390F5BFB58C4EE2BDF74B976625E39A9F5AF0", "B4FE1B26E5C26CDC219CEB5E6DB28E0AF62C714D0BDFC3E7626485AFD5DD33E9", "B60F2DE561421149178C0830D6DD1EA4E4B1D14D2A06C69E877CB955E38F038A", "B7D7C09AA3957447FD5B3D3BD6AAD56CD3C7645746D04D52839C4B2817CED9A1", "B7D99DF4C04CF5F3A2B3D2119C254ABE8CDD229DB7014A05C47081E83C530B8F", "B9E90543C3CF1DFBA0782BBC29DAC9E1D62AB90500B4CD771DBABED35D5F3C0A", "BB10AE6ECC0D5DD501E59CD9A6BE2628F75F07590CB562606524AE343280DBA4", "BCA027FA7D68C9D2F6EFB13F806B8079B33B6915652CA3528C215F14F4BF5136", "BF65060D894F88440887145F957785E7DC97CFCE4B58544406F33D1BDDF7F3DC", "BFD3B2B780AE5E2B57758FF9D1854E539D0BDD7480D41CE99BA69E3C8264005C", "C06037486063080DAF0903578E651F281F08105507F07A61B0292AD4FC96B7DB", "C08E3F7E80BC2FFB6ED48BD3ABABD26A2D9461FCFED33ECBE3A11C218EB8646D", "C0C0BE37703E3B923259F980A7F946DB540E263A82DF998A29998BA1DE07B6F2", "C10B30573BB16D4B73DA5320A6A7729687AB01A085F118A116F2F5E15671822B", "C11CF873A12743EFCCE724C3D9BF2DF5042E5930EC48A94B6035A930F64719E3", "C22CC0C04AA48102CB2EBEF5AD691FDAD7FE1267768536619BBE66401698B809", "C240BBFDC8BC9CE0EAAFF7EBDB320E1A1CAE89E9A580402A7B118BEAD23A73D4", "C271913B2440899C08A55447029AB1A0AC6DCE6638B3B42E74B54F5FFEB8E397", "C3E3057AE135C2A7A4474659D944B8AA77F9FB34B2A08C461CCD38E75FE32089", "C43D2CB156B7BD39FC113EAD22568306F95463D3E29CC3A697EB085F142533BB", "C5BBDC2C6AEFF9AF49FB76846A90DCA1E5C32D797CDA76413334AD5A0140A150", "C60289D204614CD6F487491D985F924542C108BE5DDA61A136A99A5BF2EE3F15", "C658FC5F35EA81EA139B8BD636CD7716958E2E2F1D560D0AFDE22AFAB6106BA0", "C6780300E3EFD7F6811EECD650C04D87FD052560A5F1FA302479AFF8AA4F7FDC", "C698ACD8BD878FFAF13B5530425B16956E9503FE860A025CB74500FC8F4D6D5D", "C9392554200379AD1B651B7062D43E6DE91F890D7B000CB90FEAC912B97F65E0", "C941A2D7630C1EEC15E80BE6D862CE593ECABDE4BC36E967811030825C92AE29", "C9DE4845305DF0F83378929053ED892F37959591039ECF2D78BF547B6F112585", "CD6CE1EA5018A8903E7A1DF62D25AAE901D29273E2CBD9DE7FF1CB85C2A7AD36", "CE7B09FDAB4AD52C4D2DF48D876D11F77AB8D075D2126DF86BCFAB3FD1F6D522", "CF174A0C802B258BE497E95C1AB75CB0BA5BC063A9CDA393BAB389F5B2C51195", "CF782C8525FC8DB54D626B0A2477C9C2C733AB8AFB871FD1A450DF8F43FE828C", "CF96155EBDBFEB76CEC027341CADB800CDAE0961E8A5F5AA5EFB7272EA972F66", "D0E9A6FEA2999AD188DFACA4CDB52E09ADE22AA518CBD8BB87F91A5E6058C8B4", "D1EE65B724C053B8C531DB8F905A57DF1D402D875E50E3E22DD86A5856E65A9D", "D3880C7852DB9EFFBB3B76955322352B435D1896CD07A0825E679BDC935BB4D1", "D414FED16B358AD7FE6B00E67C7AA1DB43FD19DDFB901B5F7ABA9F0E20BEB6EC", "D48F5D967CAB789B94C7E1D084F92F01492F6ACFBE7DCFCADD9E3FE725B16F75", "D5F5876D51E1333B156D6BAB7A3B9B711BB9B026AF79134525B9F927D3CE884B", "D60D57EFA4A9B75D8B6E6BC8F4E94F554FB269EE38050F38183128A4652439AB", "D749198CFA398E3FE70DB177828133BCFDE49DD1D6A4B6CD094FCE9101F991A4", "D794EA27CA7E3FF8825CDCEFF3439F08F1C4C2B94C2E54C22629BF94087D371F", "D91D5DB5A40E711632B505AA5C086735FB04E313FC3A69BB0D647894D124C07B", "D9DD7B1E68819557246CE052C2A1D441B9E54DC8325262221F36E256E53A425B", "D9E8D125D2A5D32BB22B755D0193D28F3F5DE0A694D5EF40ABD49E19443F4CBE", "DAA4DABA6D4AD880B32991804FF059D1327A280E15A36957E2C39E65B856C0D4", "DABA7DED974B2398189D6CD437940649E019A14178C8AB32F290EB35C8669636", "DB96F671D2C03801FFDB9E0404F5E6EB5CE8F28F9A4DF89501AEDFCF7E039266", "DDCF25AFD495DBD7D06398438314BF7845A2CEC74BFE45F295C9CE67BD318E39", "DEFBED52ABC2310EDCD812EAE7D66EFB050F845095358FC260D8C8294857312A", "E01AE27864F5D21E9DE4882755AFD601FD4EE9EEF1B77AD913AFA5BAC1F8BF77", "E2B86254D720126A86E0D868B69F73304F67BBA828605033D214DA145B7078F4", "E362EBCBEB18984C3F95A2E9B16F0D6BCB101E27F50F764417CF1574FE5064FC", "E37521CF9AEA15A506E74C8F2964CA01FD757349E010363B351F3F67EF6EC858", "E477BE4D73F72972D5ED04AE1F52E86348D8674550100046AC9C2F465DC3514C", "E643425D7938402C778E161E848033FFD16F90BB75AD7E88227977F59105471B", "E6EAF3170FB82D4A238102CFEEBF92C9C4B66B1EDFD89834BE743E597A8A2CA5", "E77519A266E041C456859C6467B28ED477072E9AF9B24EB739FA27382286C341", "E8347ACAF81B4BEE7BCA21CC0C47E2063445B19E9FA4E4431CEF5FAB5FF7AE86", "EA52924E34BCC16950981552A3FA767720FFB0ABD2C4348121C16E9BA6BD4C80", "ED45B3D03432EA991E20FCFB7B9FD0CD25D3E1B834197F239D900E5975F863A2", "ED5493758E1BB2264B2528B7BFDF7459C01FEC351EDA1D8EA5F345B3F0121AD0", "EDC8FA617866F99772D842D31A33C6C6C4A0DDAD538375D9285202B64BACC05D", "EE8D3A0FEFA67706787A5BC66641D09B2650AEC307F61637154D7B7341BF2EB2", "EF0B8ABDDF0182AD0AB63DBD4F3EA0B3769B57CF195F94A299C8DFE53DDE410A", "F03FB50DDB13A9CC53CE5198B9C5207C578A0E1AF3DC8ABBE4C0CB13C149FA21", "F0F6B314EFF00F10A24D71AC701C8D020FAE17292397195CFCABDAC91A29CD99", "F171D1A128ED9F033A8E4EB7F107F3B0F58ABA4074ACD771E59F004AAC676A0A", "F1B3634B8733584864D98B4C436B7290E24275D03ABB8EEFDD4B8AA27AF04574", "F2C0FD9B6F69E9045C9C79CC5F846E47457E4B2414EED330DCE2A52BEF475BF0", "F34B5F292CB847FA020D7DE6B1D106C2936615E0FDD5B4DA8BCD5F33FFC8563D", "F3F782D7C52FB7EDB2E3360618EA58B1F3470CCF5FC14BCA7DB46A5535A7293A", "F4188E3B827097B5726FE571691C7D8BDE2707668C61436452DE873879AB6FA6", "F4CA880341B94608CA96ABB2752E8B1E313AAF497D8551E7FBFF02076E793142", "F506FF540835CEFD27133D3CB3A0A3BA032DD083A74134905F9B468ADF436E2F", "F7CFF765DD44AF112B428A21101BB56DAA4C74B46BAB3908CD6DC291CDBDCB3E", "F86EC9FF3B8441D604188E8D4A544D12F4D104D2648ED1F3E5D4365DD9731E02", "FA2C72E4AFA3A62959089AF8C9092C1A2A774A232D182E26C4A2231071F1A932", "FABCEEE5B42810F7F58BD1AE35E9269CF73FDE1B795432FF4E88BFDBFFC41988", "FB14AAD69AFCBE5F3ECAD3CB731D6D0654F28E9886622716D7B202ED45C197DC", "FCE07050809EDF0FDD5519879C9E4BCB128AC13A84C2716F0B87AC89A1907CD6", "FE28B8898498A227E2220C2F9647F725699EEA511DFACC3A1387E05664F8B1CE"]}, {"type": "nessus", "idList": ["WEBSPHERE_6201862.NASL", "WEBSPHERE_6209099.NASL", "WEBSPHERE_6220296.NASL", "WEBSPHERE_CVE-2019-4720.NASL", "WEBSPHERE_CVE-2020-4163.NASL", "WEBSPHERE_CVE-2020-4276.NASL", "WEBSPHERE_CVE-2020-4362.NASL", "WEBSPHERE_CVE-2020-4448.NASL", "WEBSPHERE_CVE-2020-4450.NASL"]}, {"type": "redhat", "idList": ["RHSA-2020:0556", "RHSA-2020:2054"]}, {"type": "zdi", "idList": ["ZDI-20-688", "ZDI-20-689", "ZDI-20-690"]}]}, "score": {"value": 2.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2019-4720", "CVE-2020-4163"]}, {"type": "githubexploit", "idList": ["91A6DEF1-A9B3-5679-A098-B3DDA3AB5069"]}, {"type": "ibm", "idList": ["09C6ACF80628EF8C73E427E1D21F5A5A497D751BEB43E7A41354136EC7AE4215", "280F22C59D289D09BF95C27BCBD4E75FDD23E4CB97EDC3D26F891DF09095112C", "43889098AF27B56E1AAC2C0ADC87D15751A2B0CCE3BF25260E32BBE3CCA7CE93", "80F63C4DBA4692F1399B8419C02ECEE29E4B32D85EDDE77D136EB81CBB859B9C", "CE7B09FDAB4AD52C4D2DF48D876D11F77AB8D075D2126DF86BCFAB3FD1F6D522", "D0E9A6FEA2999AD188DFACA4CDB52E09ADE22AA518CBD8BB87F91A5E6058C8B4", "DEFBED52ABC2310EDCD812EAE7D66EFB050F845095358FC260D8C8294857312A", "ED45B3D03432EA991E20FCFB7B9FD0CD25D3E1B834197F239D900E5975F863A2"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/IBM-WAS-CVE-2020-4329/"]}, {"type": "nessus", "idList": ["WEBSPHERE_CVE-2020-4450.NASL"]}, {"type": "redhat", "idList": ["RHSA-2020:0556"]}, {"type": "symantec", "idList": ["SMNTC-111284"]}, {"type": "zdi", "idList": ["ZDI-20-688"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "tivoli federated identity manager", "version": 6}]}, "epss": [{"cve": "CVE-2019-4720", "epss": "0.001280000", "percentile": "0.457990000", "modified": "2023-03-18"}, {"cve": "CVE-2020-4163", "epss": "0.000930000", "percentile": "0.381650000", "modified": "2023-03-18"}, {"cve": "CVE-2020-4276", "epss": "0.000930000", "percentile": "0.381650000", "modified": "2023-03-18"}, {"cve": "CVE-2020-4329", "epss": "0.000760000", "percentile": "0.307000000", "modified": "2023-03-18"}, {"cve": "CVE-2020-4362", "epss": "0.000930000", "percentile": "0.381650000", "modified": "2023-03-18"}, {"cve": "CVE-2020-4365", "epss": "0.000760000", "percentile": "0.307000000", "modified": "2023-03-18"}, {"cve": "CVE-2020-4448", "epss": "0.019910000", "percentile": "0.870180000", "modified": "2023-03-18"}, {"cve": "CVE-2020-4449", "epss": "0.003760000", "percentile": "0.685440000", "modified": "2023-03-18"}, {"cve": "CVE-2020-4450", "epss": "0.019910000", "percentile": "0.870180000", "modified": "2023-03-18"}], "vulnersScore": 2.3}, "_state": {"dependencies": 1677534736, "score": 1684013037, "affected_software_major_version": 1677535305, "epss": 1679176287}, "_internal": {"score_hash": "cab01b3a108442991e3ab46cb5c89953"}, "affectedSoftware": [{"version": "6.2.2", "operator": "eq", "name": "tivoli federated identity manager"}]}

{"ibm": [{"lastseen": "2023-02-27T21:54:38", "description": "## Summary\n\nIn the WebSphere Application Server Admin console, where the Rational Asset Manager is deployed, vulnerabilities such as privilege escalation, denial of service, command execution, code execution and Information Disclosure are observed. Information about these security vulnerability affecting WebSphere Application Server is published in the respective security bulletins.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Rational Asset Manager 7.5 .1, 7.5.2.x, 7.5.3.x, and 7.5.4.x.\n\nNOTE: Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS). **Affected Supporting Product** | **Affected Supporting Product Security Bulletin** \n---|--- \nIBM WebSphere Application Server Version 7.0, 8.0, 8.5, and 9.0. | [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-denial-service-cve-2019-4720> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/security-bulletin-privilege-escalation-vulnerability-websphere-application-server-cve-2020-4276> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \n[Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability (CVE-2020-4163)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-command-execution-vulnerability-cve-2020-4163> \"Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability \\(CVE-2020-4163\\)\" ) \n[Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-information-exposure-vulnerability-cve-2020-4449> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" ) \n[Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/security-bulletin-remote-code-execution-vulnerability-websphere-application-server-nd-cve-2020-4448> \"Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" ) \n[Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/security-bulletin-information-disclosure-websphere-application-server-cve-2020-4329> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-20T06:09:39", "type": "ibm", "title": "Security Bulletin: Security vulnerability is identified in the WebSphere Application Server where the Rational Asset Manager is deployed", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720", "CVE-2020-4163", "CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4448", "CVE-2020-4449"], "modified": "2020-06-20T06:09:39", "id": "929D837DD9C3EA90C20AF84418A0A2BB1D61BFBA6F69A8B90EB5479898403F5C", "href": "https://www.ibm.com/support/pages/node/6236710", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:50:53", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerabilities have been identified in WebSphere Application Server and the information about their fixes are published in security bulletins. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4449](<https://vulners.com/cve/CVE-2020-4449>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4365](<https://vulners.com/cve/CVE-2020-4365>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-4276](<https://vulners.com/cve/CVE-2020-4276>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175984>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-4670](<https://vulners.com/cve/CVE-2019-4670>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4448](<https://vulners.com/cve/CVE-2020-4448>) \n** DESCRIPTION: **IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181228](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181228>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4362](<https://vulners.com/cve/CVE-2020-4362>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178929>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4450](<https://vulners.com/cve/CVE-2020-4450>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181231](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181231>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-10086](<https://vulners.com/cve/CVE-2019-10086>) \n** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCloud Orchestrator| 2.5.0.10 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to manually upgrade to the appropriate WebSphere Application Server Interim Fix on IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5.0.10. \n\nConsult the following WebSphere Application Server security bulletins for the vulnerability details and information about their fixes:\n\n * [Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)](<https://www.ibm.com/support/pages/node/6220296> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" )\n * [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450)](<https://www.ibm.com/support/pages/node/6220294> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4450\\)\" )\n * [Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console (CVE-2019-4670) ](<https://www.ibm.com/support/pages/node/1289152> \"Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console \\(CVE-2019-4670\\)\" )\n * [Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" )\n * [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n * [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" )\n * [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" )\n * [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" )\n * [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-16T09:19:38", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10086", "CVE-2019-4670", "CVE-2019-4720", "CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4362", "CVE-2020-4365", "CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450"], "modified": "2020-09-16T09:19:38", "id": "86BC382413D13FEC49BBCF5FC0129F8B83C058E0C0CDD0CFC599911E284C4FA7", "href": "https://www.ibm.com/support/pages/node/6333467", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:55:29", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS have been published in multiple security bulletins. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Rational ClearQuest | 8.0.0 \nIBM Rational ClearQuest | 8.0.1 \nIBM Rational ClearQuest | 9.0 \nIBM Rational ClearQuest | 9.0.1 \nIBM Rational ClearQuest | 9.0.2 \n \n## Remediation/Fixes\n\nRefer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is used by IBM Rational ClearQuest. \n\n**Principal Product and Version(s)** | **Affected Supporting Product and Version** | **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearQuest, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x | IBM WebSphere Application Server versions 7.0, 8.0, 8.5 and 9.0. | \n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" )\n\n[Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n**ClearQuest Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x | Apply the appropriate IBM WebSphere Application Server fix (see bulletin link above) directly to your CM server host. No ClearQuest-specific steps are necessary. \n \n_For 8.0.x, 7.0.x, 7.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-25T04:34:43", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2020-4276, CVE-2020-4362, CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4362"], "modified": "2020-05-25T04:34:43", "id": "9597A8DA413DEA047F25252B086CCCDA7543FCBC7042D730228D872AF048DEA1", "href": "https://www.ibm.com/support/pages/node/6216024", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:33", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped with IBM Security Identity Manager (ISIM). Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM| 6.0.0 \nISIM| 6.0.2 \n \n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s)| Affected Supporting Product Security Bulletin \n---|---|--- \nISIM 6.0.0| WAS 7.0 &amp; WAS 8.5| [Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)](<https://www.ibm.com/support/pages/node/6220296> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" ) \n \nISIM 6.0.0\n\nISIM 6.0.2\n\n| \n\nWAS 8.5\n\nWAS 9.0\n\n| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450)](<https://www.ibm.com/support/pages/node/6220294> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4450\\)\" ) \n \nISIM 6.0.0\n\nISIM 6.0.2\n\n| \n\nWAS ND 8.5\n\nWAS ND 9.0\n\n| \n\n[Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-23T21:46:36", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450"], "modified": "2020-06-23T21:46:36", "id": "860573F040C03CC664808FCC2BD448C2ADD9020A5F541F32D1E0724CEC95FF56", "href": "https://www.ibm.com/support/pages/node/6233996", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:53:59", "description": "## Summary\n\nThere are multiple security vulnerabilities that affect the IBM WebSphere Application Server in the IBM Cloud. WebSphere Application Server is vulnerable to a remote code execution vulnerability. Information disclosure vulnerability in WebSphere Application Server. There is a remote code execution vulnerability in WebSphere Application Server Network Deployment.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Predictive Maintenance and Quality| All \nIBM Predictive Maintenance Insights On-Premises| \n\nAll \n \nThese vulnerabilities affect IBM WebSphere Application Server and WebSphere Application Server ND versions 9 and 8.5 in IBM Predictive Maintenance and Quality and Predictive Maintenance Insights.\n\n \n\n\n## Remediation/Fixes\n\nTo patch WebSphere Application Server and and WebSphere Application Server ND, please refer to Security Bulletins below: \n\n[Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" )\n\n[WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)](<https://www.ibm.com/support/pages/node/6220296> \"WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" )\n\n[WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450)](<https://www.ibm.com/support/pages/node/6220294> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4450\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-16T15:59:52", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server used in IBM Predictive Maintenance and Quality and Predictive Maintenance Insights", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450"], "modified": "2020-07-16T15:59:52", "id": "AD39C416EB5696DBABB8F348C24A823CB98337B9E36B23DC91AC6C26EC0E76D4", "href": "https://www.ibm.com/support/pages/node/6249965", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:54:37", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Rational ClearCase| 8.0.0 \nIBM Rational ClearCase| 9.0 \nIBM Rational ClearCase| 9.0.1 \nIBM Rational ClearCase| 9.0.2 \nIBM Rational ClearCase| 8.0.1 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS) which is shipped with IBM Rational ClearCase. \n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearCase, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x| IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0.| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450)](<https://www.ibm.com/support/pages/node/6220294> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4450\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)](<https://www.ibm.com/support/pages/node/6220296> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" )\n\n[Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" ) \n \n**ClearCase Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x| \n\n 1. Determine the WAS version used by your CCRC WAN server. Navigate to the CCRC profile directory (either the profile you specified when installing ClearCase, or `<ccase-home>/common/ccrcprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section. Check your installed version of IBM WebSphere Application Server against this bulletin's list of vulnerable versions.\n 2. Identify the latest available fixes (per the bulletin(s) listed above) for the version of WAS used for CCRC WAN server.\n 3. Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. \n \n_For 8.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-22T16:29:37", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2020-4450, CVE-2020-4449, CVE-2020-4448)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450"], "modified": "2020-06-22T16:29:37", "id": "6079493219A5CD126F67C75B3C09C5C1FFB49FA42B2B03A1539A4146413F8909", "href": "https://www.ibm.com/support/pages/node/6237048", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:55:01", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about security vulnerabilities affecting WebSphere Application Server have been published in security bulletins.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version(s)** \n \n---|--- \nWebSphere Service Registry and Repository V8.5| WebSphere Application Server V8.5.5 \nWebSphere Service Registry and Repository V8.0| WebSphere Application Server V8.0 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult \n\n * [Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" )\n * [Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-information-exposure-vulnerability-cve-2020-4449> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" )\n * [Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-remote-code-execution-vulnerability-cve-2020-4450> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4450\\)\" )\n\nfor vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-10T16:47:54", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2020-4448, CVE-2020-4449 and CVE-2020-4450)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450"], "modified": "2020-06-10T16:47:54", "id": "E976E5758209A8AAC453A889E38AB09038103FF18FD79D09A6274289D2CD1C31", "href": "https://www.ibm.com/support/pages/node/6223936", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:45:55", "description": "## Summary\n\nThere are multiple vulnerabilities that affect IBM WebSphere Application Server shipped with IBM StoredIQ for Legal. These have been addressed in Fix Pack 2.0.3.13 of StoredIQ for Legal.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4163](<https://vulners.com/cve/CVE-2020-4163>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174397](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174397>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-4782](<https://vulners.com/cve/CVE-2020-4782>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189213](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189213>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4534](<https://vulners.com/cve/CVE-2020-4534>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182808](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182808>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4450](<https://vulners.com/cve/CVE-2020-4450>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181231](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181231>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4362](<https://vulners.com/cve/CVE-2020-4362>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178929>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4589](<https://vulners.com/cve/CVE-2020-4589>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184585](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184585>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4276](<https://vulners.com/cve/CVE-2020-4276>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175984>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-10086](<https://vulners.com/cve/CVE-2019-10086>) \n** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-4449](<https://vulners.com/cve/CVE-2020-4449>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4365](<https://vulners.com/cve/CVE-2020-4365>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-17566](<https://vulners.com/cve/CVE-2019-17566>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183402](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183402>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-4643](<https://vulners.com/cve/CVE-2020-4643>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185590](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185590>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-4670](<https://vulners.com/cve/CVE-2019-4670>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nStoredIQ for Legal| 2.0.3 \n \n\n\n## Remediation/Fixes\n\nApply fix pack 2.0.3.13 that is available from Fix Central <https://www.ibm.com/support/fixcentral/>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-04T09:24:28", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM StoredIQ for Legal", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10086", "CVE-2019-17566", "CVE-2019-4670", "CVE-2019-4720", "CVE-2020-4163", "CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4362", "CVE-2020-4365", "CVE-2020-4449", "CVE-2020-4450", "CVE-2020-4534", "CVE-2020-4589", "CVE-2020-4643", "CVE-2020-4782"], "modified": "2021-03-04T09:24:28", "id": "126E1024546918D07264839DD88F2FF75D58789A0F611D0689966886112B533B", "href": "https://www.ibm.com/support/pages/node/6422665", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-05T17:44:36", "description": "## Summary\n\nThe following security issues have been identified in the WebSphere Application Server and IHS server included as part of IBM Tivoli Monitoring (ITM) portal server.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4578](<https://vulners.com/cve/CVE-2020-4578>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184433](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184433>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-4643](<https://vulners.com/cve/CVE-2020-4643>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185590](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185590>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4464](<https://vulners.com/cve/CVE-2020-4464>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4362](<https://vulners.com/cve/CVE-2020-4362>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178929>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17566](<https://vulners.com/cve/CVE-2019-17566>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183402](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183402>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-4365](<https://vulners.com/cve/CVE-2020-4365>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-4276](<https://vulners.com/cve/CVE-2020-4276>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175984>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4534](<https://vulners.com/cve/CVE-2020-4534>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182808](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182808>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-4449](<https://vulners.com/cve/CVE-2020-4449>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Monitoring| 6.3.0 Fix Pack 7 Service Pack 5 (or later Service Pack) \n \n## Remediation/Fixes\n\nFix| VRMF| Remediation/Fix \n---|---|--- \n6.X.X-TIV-ITM_TEPS_EWAS-IHS_ALL_8.55.18.01| 6.3.0.x | <https://www.ibm.com/support/pages/node/6350173> \n \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-30T17:31:59", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566", "CVE-2019-4720", "CVE-2020-4276", "CVE-2020-4329", "CVE-2020-4362", "CVE-2020-4365", "CVE-2020-4449", "CVE-2020-4464", "CVE-2020-4534", "CVE-2020-4578", "CVE-2020-4643"], "modified": "2022-12-30T17:31:59", "id": "D794EA27CA7E3FF8825CDCEFF3439F08F1C4C2B94C2E54C22629BF94087D371F", "href": "https://www.ibm.com/support/pages/node/6351443", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:55:14", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty that affect IBM Engineering Products based on IBM Jazz technology. \n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCLM| 6.0.6.1 \nCLM| 6.0.6 \nCLM| 6.0.2 \nELM| 7.0 \nRhapsody DM| 6.0.6 \nRhapsody DM| 6.0.6.1 \nRhapsody DM| 6.0.2 \nRDM| 7.0 \nDNG| 6.0.6 \nDNG| 6.0.6.1 \nDNG| 6.0.2 \nDOORS Next| 7.0 \nRTC| 6.0.2 \nRTC| 6.0.6.1 \nEWM| 7.0 \nRTC| 6.0.6 \nRQM| 6.0.6.1 \nRQM| 6.0.6 \nETM| 7.0.0 \nRQM| 6.0.2 \n \n\n\n## Remediation/Fixes\n\nThe IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version, some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published. \n\nFor ELM applications version 6.0 to 7.0 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:\n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" )\n\n[Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" )\n\n[Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2020-4421)](<https://www.ibm.com/support/pages/node/6205926> \"Security Bulletin: Potential spoofing attack in WebSphere Application Server \\(CVE-2020-4421\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-01T21:25:46", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affects IBM Engineering ELM products on IBM Jazz technology.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329", "CVE-2020-4362", "CVE-2020-4365", "CVE-2020-4421"], "modified": "2020-06-01T21:25:46", "id": "D00CE0285A4F7F2D040FEB9E42204B251DB78A299D7FFC4E7348291016376C6E", "href": "https://www.ibm.com/support/pages/node/6218416", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:44:27", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli System Automation Application Manager| 4.1 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with IBM Tivoli System Automation Application Manager. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli System Automation Application Manager 4.1| WebSphere Application Server 8.5| \n\n# [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-24T22:19:08", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276", "CVE-2020-4362"], "modified": "2020-07-24T22:19:08", "id": "E37521CF9AEA15A506E74C8F2964CA01FD757349E010363B351F3F67EF6EC858", "href": "https://www.ibm.com/support/pages/node/6202743", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:07", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped with IBM Security Identity Manager (ISIM). Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM| 6.0.0 \nISIM| 6.0.2 \n \n\n\n## Remediation/Fixes\n\n## \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s)| Affected Supporting Product Security Bulletin \n---|---|--- \nISIM 6.0.0 | WAS 7.0, 8.0, 8.5| \n\n# [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n# [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \nISIM 6.0.2| WAS 9 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-27T08:13:15", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276", "CVE-2020-4362"], "modified": "2020-04-27T08:13:15", "id": "C0C0BE37703E3B923259F980A7F946DB540E263A82DF998A29998BA1DE07B6F2", "href": "https://www.ibm.com/support/pages/node/6201447", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-05T18:05:18", "description": "## Summary\n\nThere is a denial of service and Networking security vulnerabilities in WebSphere Application Server. \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n**DESCRIPTION: **IBM WebSphere Application Server is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2020-4163](<https://vulners.com/cve/CVE-2020-4163>) \n**DESCRIPTION: **IBM WebSphere Application Server, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174397](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174397>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nTo resolve these vulnerabilities, install one of the fixes listed below.\n\n**Product** | **VRMF** | **APAR** | **Remediation/First Fix** \n---|---|---|--- \nIBM Content Foundation on Cloud | \n\n5.5.3 \n5.5.4\n\n| [PJ46065 \nPJ46065](<https://www.ibm.com/support/pages/node/1581579>) \n| \n\n[_5.5.3.0-P8CPE-IF003_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.5.3.0&platform=All&function=all>) \\- 7/16/2020 \n[_5.5.4.0-P8CPE-IF001_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.5.4.0&platform=All&function=all>) \\- 3/27/2020 \n \n## \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-14T20:49:31", "type": "ibm", "title": "Security Bulletin: IBM Content Foundation on Cloud security vulnerability in WebSphere container", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720", "CVE-2020-4163"], "modified": "2021-07-14T20:49:31", "id": "09C6ACF80628EF8C73E427E1D21F5A5A497D751BEB43E7A41354136EC7AE4215", "href": "https://www.ibm.com/support/pages/node/1581579", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:52:31", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS have been published in multiple security bulletins. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Rational ClearQuest| 8.0.0 \nIBM Rational ClearQuest| 8.0.1 \nIBM Rational ClearQuest| 9.0 \nIBM Rational ClearQuest| 9.0.1 \nIBM Rational ClearQuest| 9.0.2 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is used by IBM Rational ClearQuest. \n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearQuest, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x| IBM WebSphere Application Server versions 7.0, 8.0, 8.5 and 9.0.| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450)](<https://www.ibm.com/support/pages/node/6220294> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4450\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)](<https://www.ibm.com/support/pages/node/6220296> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" )\n\n[Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4464\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534)](<https://www.ibm.com/support/pages/node/6255074> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4534\\)\" ) \n \n**ClearQuest Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x| Apply the appropriate IBM WebSphere Application Server fix (see bulletin link above) directly to your CM server host. No ClearQuest-specific steps are necessary. \n \n_For 8.0.x, 7.0.x, 7.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-03T09:37:19", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450", "CVE-2020-4464", "CVE-2020-4534"], "modified": "2020-08-03T09:37:19", "id": "20275B53B0179711A539FCD72C61DE61752A9F0A0950F1CD32E564B47C4B4B5D", "href": "https://www.ibm.com/support/pages/node/6255594", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:52:06", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty that affect IBM Engineering Products based on IBM Jazz technology. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRQM| 6.0.6.1 \nRQM| 6.0.6 \nETM| 7.0.0 \nRQM| 6.0.2 \nRhapsody DM| 6.0.6 \nRhapsody DM| 6.0.6.1 \nRhapsody DM| 6.0.2 \nRDM| 7.0 \nRTC| 6.0.2 \nRTC| 6.0.6.1 \nEWM| 7.0 \nRTC| 6.0.6 \n \n\n\n## Remediation/Fixes\n\nThe IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version, some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published. \n\nFor ELM applications version 6.0 to 7.0 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450)](<https://www.ibm.com/support/pages/node/6220294> \"Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4450\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)](<https://www.ibm.com/support/pages/node/6220296> \"Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4449\\)\" )\n\n[Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)](<https://www.ibm.com/support/pages/node/6250059>)\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534)](<https://www.ibm.com/support/pages/node/6255074>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-12T14:03:54", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM WebSphere Appilcation Server and WebSphere Application Server Liberty affects IBM Engineering ELM products on IBM Jazz technology.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450", "CVE-2020-4464", "CVE-2020-4534"], "modified": "2020-08-12T14:03:54", "id": "97CDC805F58A9B1C47D1FD84E32A701014B49D66DDD17B2EC600FE00B246D4A3", "href": "https://www.ibm.com/support/pages/node/6258269", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:55:08", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nWebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * Version 9.0\n * Version 8.5\n * Version 8.0 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletins for vulnerability details and information about fixes \n\n * [Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)](<https://www.ibm.com/support/pages/node/6220336> \"Remote code execution vulnerability in WebSphere Application Server ND \\(CVE-2020-4448\\)\" )\n * [WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)](<https://www.ibm.com/support/pages/node/6220296> \"WebSphere Application Server is vulnerable to an information exposure vulnerability \\(CVE-2020-4049\\)\" )\n * [WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450)](<https://www.ibm.com/support/pages/node/6220294> \"WebSphere Application Server is vulnerable to a remote code execution vulnerability \\(CVE-2020-4050\\)\" )\n\n## \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-05T18:40:39", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4049", "CVE-2020-4050", "CVE-2020-4448", "CVE-2020-4449", "CVE-2020-4450"], "modified": "2020-06-05T18:40:39", "id": "4EFC1C9A82D1F1C1CD8083DFC2150E3CE56082C5F1AC6970481FBD1FD6B53E24", "href": "https://www.ibm.com/support/pages/node/6220546", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-24T05:44:40", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nIBM Rational ClearCase, ClearCase Remote Client (CCRC) WAN server component.\n\n**Versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x:**\n\n * These vulnerabilities only applies to the CCRC WAN server component, and only for certain levels of WebSphere Application Server.\n\n## Remediation/Fixes\n\nRefer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS) which is shipped with IBM Rational ClearCase.\n\n**Principal Product and Version(s)** | **Affected Supporting Product and Version** | **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearCase, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x | IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0. | \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability (CVE-2020-4163)](<https://www.ibm.com/support/pages/node/1288786>)\n\n[Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console (CVE-2019-4670)](<https://www.ibm.com/support/pages/node/1289152>)\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372>) \n \n**ClearCase Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x | \n\n 1. Determine the WAS version used by your CCRC WAN server. Navigate to the CCRC profile directory (either the profile you specified when installing ClearCase, or `<ccase-home>/common/ccrcprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section. Check your installed version of IBM WebSphere Application Server against this bulletin's list of vulnerable versions.\n 2. Identify the latest available fixes (per the bulletin(s) listed above) for the version of WAS used for CCRC WAN server.\n 3. Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. \n \n_For 8.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-19T13:10:26", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4670", "CVE-2019-4720", "CVE-2020-4163"], "modified": "2020-02-19T13:10:26", "id": "C941A2D7630C1EEC15E80BE6D862CE593ECABDE4BC36E967811030825C92AE29", "href": "https://www.ibm.com/support/pages/node/2892021", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T05:45:30", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about security vulnerabilities affecting WebSphere Application Server have been published in security bulletins.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version \n---|--- \nWebSphere Service Registry and Repository V8.5| WebSphere Application Server V8.5.5 \nWebSphere Service Registry and Repository V8.0| WebSphere Application Server V8.0 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes: \n\n * [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-denial-service-cve-2019-4720> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" )\n * [Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability (CVE-2020-4163)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-command-execution-vulnerability-cve-2020-4163> \"Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability \\(CVE-2020-4163\\)\" )\n * [Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console (CVE-2019-4670)](<https://www.ibm.com/support/pages/security-bulletin-information-disclosure-websphere-application-server-admin-console-cve-2019-4670> \"Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console \\(CVE-2019-4670\\)\" )\n\nNote the following Flash before upgrading WebSphere Application Server:\n\n * [WebSphere Service Registry and Repository: Read First before upgrading to WebSphere Application Server V8.5.5 Fix Pack 14](<http://www.ibm.com/support/docview.wss?uid=ibm10738013>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-06T15:13:16", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2019-4720, CVE-2020-4163 and CVE-2019-4670)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4670", "CVE-2019-4720", "CVE-2020-4163"], "modified": "2020-02-06T15:13:16", "id": "060D3FC79AEC6F245510B1C6DC4349BA6ECD4B42B6857BA70D63BB7D9BF14A10", "href": "https://www.ibm.com/support/pages/node/1488921", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T05:45:21", "description": "## Summary\n\nIn the WebSphere Application Server Admin console where the Rational Asset Manager is deployed - a denial of service, command execution and information disclosure vulnerabilities are observed. Information about these security vulnerabilities affecting WebSphere Application Server are published in the respective security bulletins. \n\n## Vulnerability Details\n\nRefer to the security bulletins listed in the **Remediation/Fixes** section.\n\n## Affected Products and Versions\n\n \nIBM Rational Asset Manager 7.5 .1, 7.5.2.x, 7.5.3.x, and 7.5.4. \n \n**NOTE:** Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS). \n\n\n**Affected Supporting Product**\n\n| \n\n**Affected Supporting Product Security Bulletin** \n \n---|--- \n \nIBM WebSphere Application Server Version 7.0, 8.0, 8.5, and 9.0.\n\n| \n\n_[Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372>)_ \n \n_[Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console (CVE-2019-4670)](<https://www.ibm.com/support/pages/node/1289152>)_ \n \n_[Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability (CVE-2020-4163)](<https://www.ibm.com/support/pages/node/1288786>)_ \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-13T12:33:27", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities are identified in WebSphere Application Server where Rational Asset Manager is deployed (CVE-2019-4720, CVE-2019-4670, and CVE-2020-4163)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4670", "CVE-2019-4720", "CVE-2020-4163"], "modified": "2020-02-13T12:33:27", "id": "3E9E58CB133C398A1E07C6770AAE40040AA7AC2816C667CD2848FFBE982ACCBD", "href": "https://www.ibm.com/support/pages/node/2403705", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-05T17:44:36", "description": "## Summary\n\nThe following security issues have been identified in the WebSphere Application Server and IHS server included as part of IBM Tivoli Monitoring (ITM) portal server. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4670](<https://vulners.com/cve/CVE-2019-4670>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4163](<https://vulners.com/cve/CVE-2020-4163>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174397](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174397>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-10086](<https://vulners.com/cve/CVE-2019-10086>) \n** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-4450](<https://vulners.com/cve/CVE-2020-4450>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181231](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181231>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Monitoring| 6.3.0 Fix Pack 7 Service Pack 5 \n \n\n\n## Remediation/Fixes\n\nFIX| VRMF| Remediation/Fix \n---|---|--- \n6.X.X-TIV-ITM_TEPS_EWAS-IHS_ALL_8.55.17.01| 6.3.0.x | <https://www.ibm.com/support/pages/node/6335265> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-30T17:31:59", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10086", "CVE-2019-4670", "CVE-2020-4163", "CVE-2020-4450"], "modified": "2022-12-30T17:31:59", "id": "EA52924E34BCC16950981552A3FA767720FFB0ABD2C4348121C16E9BA6BD4C80", "href": "https://www.ibm.com/support/pages/node/6336437", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:55:12", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nMaximo Asset Management 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6 \nMaximo for Oil and Gas 7.6 \nMaximo for Utilities 7.6 \nMaximo for Aviation 7.6 \nMaximo Linear Asset Manager 7.6 \nMaximo for Service Providers 7.6 \nMaximo Asset Health Insights 7.6 \nControl Desk 7.6\n\n| IBM WebSphere Application Server 9.0 \nIBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \n \n## Remediation/Fixes\n\n[WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-04T13:58:07", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-06-04T13:58:07", "id": "651519A7CF3934936F8772EF168CF781B5ECC7610377F209DF254077426D7CED", "href": "https://www.ibm.com/support/pages/node/6220232", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:55:57", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WebSphere Remote Server - Product Family| 8.5 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n\n**Principal Product and Version(s)**| \n\n**Affected Supporting Product and Version**\n\n| **Affected Supporting Product Security Bulletin** \n---|---|--- \nWebSphere Remote Server 8.5| \n\nWebSphere Application Server 8.5\n\n| [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-18T22:19:29", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-18T22:19:29", "id": "976F919FC290A9CF04D278802234E03FE2D845802AC74A80B70EA7452D3CBBA2", "href": "https://www.ibm.com/support/pages/node/6210534", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:54:50", "description": "## Summary\n\nWebSphere Application Server is vulnerable to a server-side request forgery vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4365](<https://vulners.com/cve/CVE-2020-4365>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect the following versions and releases of IBM WebSphere Application Server in IBM Cloud:\n\n * Version 8.5\n \n\n\n## Remediation/Fixes\n\nTo patch an existing service instance, refer to the IBM WebSphere Application Server bulletin listed below: \n\n * [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\nPlease see [ Updating your environment](<https://cloud.ibm.com/docs/services/ApplicationServeronCloud?topic=wasaas-updating-your-environment>) in the KnowlegeCenter for information on applying service. \n\nAlternatively, delete the vulnerable service instance and create a new instance.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-16T14:52:40", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-06-16T14:52:40", "id": "6558AFEB72F9052A7DDC452902F768EE59867F40CAC6B3E8ADA809260B835C7C", "href": "https://www.ibm.com/support/pages/node/6233330", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:39", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1, 8.2.2\n\n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1| IBM WebSphere Application Server 7.0, 8.5| [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.2| IBM WebSphere Application Server 8.5| [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-14T16:45:13", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-14T16:45:13", "id": "A8FA0CA82D0B99F83999500658131D63342A6D01F0626378469C4233C286CA4C", "href": "https://www.ibm.com/support/pages/node/6209266", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:38", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nWebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * 8.5 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-14T19:03:39", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-14T19:03:39", "id": "1253187CB975635D45D54CED51835E24ED8D38334E8F956710D4AF60E30CCE34", "href": "https://www.ibm.com/support/pages/node/6209317", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:55:38", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version(s)** \n---|--- \nWebSphere Service Registry and Repository 8.5| WebSphere Application Server 8.5.5 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes: \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-server-side-request-forgery-vulnerability-cve-2020-4365> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-19T16:34:44", "type": "ibm", "title": "Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-19T16:34:44", "id": "BF65060D894F88440887145F957785E7DC97CFCE4B58544406F33D1BDDF7F3DC", "href": "https://www.ibm.com/support/pages/node/6211860", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:52:41", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. Information about security vulnerabilities affecting WebSphere Application Server \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version(s) \n---|--- \nIBM Cloud Pak for Applications, all versions | \n\nWebSphere Application Server:\n\n * 8.5 \n \n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-27T15:08:17", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with IBM Cloud Pak for Applications is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-07-27T15:08:17", "id": "26289C49F8A28DA67CE8E88E0B6A5EF7DA86BB2689654E94DAF730B00BC2CF30", "href": "https://www.ibm.com/support/pages/node/6253271", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:48", "description": "## Summary\n\nIBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.2.0 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.2.0| [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability\" )\n\nSee section: **For V8.5.0.0 through 8.5.5.17:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-24T12:27:23", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4365"], "modified": "2020-08-24T12:27:23", "id": "B4FE1B26E5C26CDC219CEB5E6DB28E0AF62C714D0BDFC3E7626485AFD5DD33E9", "href": "https://www.ibm.com/support/pages/node/6320861", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:55:13", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS have been published in multiple security bulletins. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Rational ClearQuest | 8.0.1 \nIBM Rational ClearQuest | 9.0.2 \nIBM Rational ClearQuest | 8.0.0 \nIBM Rational ClearQuest | 9.0 \nIBM Rational ClearQuest | 9.0.1 \n \n## Remediation/Fixes\n\nRefer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is used by IBM Rational ClearQuest. \n\n**Principal Product and Version(s)** | **Affected Supporting Product and Version** | **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearQuest, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x | IBM WebSphere Application Server versions 8.5 | \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) \n \n**ClearQuest Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x | Apply the appropriate IBM WebSphere Application Server fix (see bulletin link above) directly to your CM server host. No ClearQuest-specific steps are necessary. \n \n_For 8.0.x, 7.0.x, 7.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-03T04:32:45", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-06-03T04:32:45", "id": "8B09AD4AC24D6E8E14D92335F42541805069E1DAE6D86CD1B6260B5FE019BA73", "href": "https://www.ibm.com/support/pages/node/6219242", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:42", "description": "## Summary\n\nIBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.2| [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability\" )\n\nSee section: **For V8.5.0.0 through 8.5.5.17:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-26T14:55:04", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4365"], "modified": "2020-08-26T14:55:04", "id": "D3880C7852DB9EFFBB3B76955322352B435D1896CD07A0825E679BDC935BB4D1", "href": "https://www.ibm.com/support/pages/node/6323251", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:49:56", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version** \n---|--- \nIBM Operations Analytics Predictive Insights v1.3.3| Websphere Application Server 8.5 \nIBM Operations Analytics Predictive Insights v1.3.5| Websphere Application Server 8.5 \nIBM Operations Analytics Predictive Insights v1.3.6| Websphere Application Server 8.5 \n \n## Remediation/Fixes\n\nMore information and recommended solutions are disclosed with the security bulletin: [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-server-side-request-forgery-vulnerability-cve-2020-4365> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-10-12T18:18:22", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-10-12T18:18:22", "id": "5A5125925EBA02E1F8D635FF8A050A4D44668622DA9EECE18E8D3B2742917CD2", "href": "https://www.ibm.com/support/pages/node/6324263", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:48", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.1| [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability](<https://www.ibm.com/support/pages/node/6209099> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability\" )\n\nSee section: **For V8.5.0.0 through 8.5.5.17:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-24T12:29:03", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4365"], "modified": "2020-08-24T12:29:03", "id": "95A0331F3BEA1EBD0D529E31AA0CFF972F79A25ADF9D95A777B7B0FA5EA42E51", "href": "https://www.ibm.com/support/pages/node/6320863", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:45:39", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-server-side-request-forgery-vulnerability-cve-2020-4365> \"WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) vulnerability details and information about fixes. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-14T13:55:02", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-14T13:55:02", "id": "3FB4899A3FB4C7FAB480D72B8D89C0F7ADBEBEFD1C82260C0DDD1186FCFD1DB8", "href": "https://www.ibm.com/support/pages/node/6209226", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:55:23", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.2.1 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-28T20:50:54", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-28T20:50:54", "id": "D9DD7B1E68819557246CE052C2A1D441B9E54DC8325262221F36E256E53A425B", "href": "https://www.ibm.com/support/pages/node/6211875", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:54:33", "description": "## Summary\n\nWebsphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPredictive Customer Intelligence versions 1.0, 1.0.1, 1.1, 1.1.1\n\n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1| Websphere Application Server 8.5.5| [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) \nPredictive Customer Intelligence 1.1 and 1.1.1| Websphere Application Server 8.5.5.6| [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-23T20:14:20", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-06-23T20:14:20", "id": "6AEFF4A1E2CE43A6C28306F76FC53576CD3450EAD0A3066EC2E34BFAACC1BE07", "href": "https://www.ibm.com/support/pages/node/6237866", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:55:17", "description": "## Summary\n\nWebSphere Application Server is vulnerable to a server-side request forgery vulnerability. This has been addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-4365](<https://vulners.com/cve/CVE-2020-4365>) \n**DESCRIPTION: **IBM WebSphere Application Server is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nWebSphere Application Server | 8.5 \n \n## Remediation/Fixes\n\n**For WebSphere Application Server and WebSphere Application Server Hypervisor Edition:**\n\n**For V8.5.0.0 through 8.5.5.17:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH23638](<https://www.ibm.com/support/pages/node/6209067> \"PH23638\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.18 or later (targeted availability 3Q2020). \n\n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-29T13:48:25", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-29T13:48:25", "id": "C2F6F5506480CB85A6DB6F096B7B7E562DE0419E55AED7EE6FAA08C1F5DCFB05", "href": "https://www.ibm.com/support/pages/node/6209099", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:55:34", "description": "## Summary\n\nIBM WebSphere\u00ae Application Server is shipped with IBM\u00ae Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere\u00ae Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM\u00ae Intelligent Operations Center V1.5.0, V1.5.0.1, V1.5.0.2, V1.6.0, V1.6.0.1, V1.6.0.2, V1.6.0.3| IBM WebSphere\u00ae Application Server V8.5 \nIBM\u00ae Intelligent Operations Center for Emergency Management V1.6| \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-21T08:56:05", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere\u00ae Application Server shipped with IBM\u00ae Intelligent Operations Center (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-21T08:56:05", "id": "74367E5FAA9153FBB3294400EDD4E66E3FC454449E232848EB9B92B9E9B4CE23", "href": "https://www.ibm.com/support/pages/node/6212497", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:52:56", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli System Automation Application Manager| 4.1 \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli System Automation Application Manager 4.1| WebSphere Application Server 8.5| \n\n# [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-24T22:19:08", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-07-24T22:19:08", "id": "D91D5DB5A40E711632B505AA5C086735FB04E313FC3A69BB0D647894D124C07B", "href": "https://www.ibm.com/support/pages/node/6217818", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-06-05T17:50:04", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| V19.0 \nV18.0 \nIBM Business Process Manager| V8.6 \nV8.5 \n \nNote that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.\n\n## Remediation/Fixes\n\nPlease consult the [Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)](<https://www.ibm.com/support/pages/node/6209099> \"Security Bulletin: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability \\(CVE-2020-4365\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-14T15:28:14", "type": "ibm", "title": "Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4365)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2022-09-14T15:28:14", "id": "F7CFF765DD44AF112B428A21101BB56DAA4C74B46BAB3908CD6DC291CDBDCB3E", "href": "https://www.ibm.com/support/pages/node/6209667", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:31", "description": "## Summary\n\nIBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to a security vulnerability. IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service and a remote attacker could exploit this vulnerability to cause the server to consume all available memory. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Identity Governance and Intelligence| 5.2 \nIBM Security Identity Governance and Intelligence| 5.2.3 \nIBM Security Identity Governance and Intelligence| 5.2.4 \nIBM Security Identity Governance and Intelligence| 5.2.5 \nIBM Security Identity Governance and Intelligence| 5.2.6 \n \n \n\n\n## Remediation/Fixes\n\nProduct Name | VRMF| First Fix \n---|---|--- \nIGI| 5.2| [5.2.6.0-ISS-SIGI-FP0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.6.0&platform=All&function=all> \"5.2.6.0-ISS-SIGI-FP0001\" ) \nIGI| 5.2.3| [5.2.6.0-ISS-SIGI-FP0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.6.0&platform=All&function=all> \"5.2.6.0-ISS-SIGI-FP0001\" ) \nIGI| 5.2.4| [5.2.6.0-ISS-SIGI-FP0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.6.0&platform=All&function=all> \"5.2.6.0-ISS-SIGI-FP0001\" ) \nIGI| 5.2.5| [5.2.6.0-ISS-SIGI-FP0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.6.0&platform=All&function=all> \"5.2.6.0-ISS-SIGI-FP0001\" ) \nIGI| 5.2.6| [5.2.6.0-ISS-SIGI-FP0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.6.0&platform=All&function=all> \"5.2.6.0-ISS-SIGI-FP0001\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-27T08:15:41", "type": "ibm", "title": "Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-27T08:15:41", "id": "1D175F9C9806A85668A040BF3EFE408975FAD5D82ADCF7E6B3A57BDC6C5B6AE8", "href": "https://www.ibm.com/support/pages/node/6208322", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T17:40:29", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Liberty that is used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier versions. IBM Operations Analytics Predictive Insights has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| All \n \n\n\n## Remediation/Fixes\n\nApply 1.3.6 Interim Fix 2 or later \n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&amp;release=1.3.6 \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6>) \nNote that for versions earlier than 1.3.6, ONLY the UI component should be updated using this interim fix. Nothing else in the interim fix is relevant to this bulletin. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-16T13:59:51", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM WebSphere Liberty affects IBM Operations Analytics Predictive Insights (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-03-16T13:59:51", "id": "67146E2A524C8FB5A1DFD73F1DB4911AAB49B852B996D26C9FDC1C6AD38C7259", "href": "https://www.ibm.com/support/pages/node/5967735", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:41:45", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nMaximo Asset Management 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6 \nMaximo for Oil and Gas 7.6 \nMaximo for Utilities 7.6 \nMaximo for Aviation 7.6 \nMaximo Linear Asset Manager 7.6 \nMaximo for Service Providers 7.6 \nMaximo Asset Health Insights 7.6\n\n| IBM WebSphere Application Server 9.0 \nIBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \n \n## Remediation/Fixes\n\n# [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-23T20:39:17", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-07-23T20:39:17", "id": "61C3F15886364FC22D270B27228FD5FA37CCAE5CB24408C225EC21FF0A7ECDF1", "href": "https://www.ibm.com/support/pages/node/1568877", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:38", "description": "## Summary\n\nThere are vulnerabilities in WebSphere liberty related to DOS used by IBM Streams. IBM Streams has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Streams| 4.1.1.x \nInfoSphere Streams| 4.2.1.x \nInfoSphere Streams| 4.3.1.x \n \n\n\n## Remediation/Fixes\n\nNOTE: Fix Packs are available on IBM Fix Central. \n\nTo remediate/fix this issue, follow the instructions below:\n\nVersion 4.3.x: Apply [ 4.3.0 Fix Pack 1 (4.3.1.2) or higher](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/InfoSphere+Streams&release=4.3.0.0&platform=All&function=all>) . \nVersion 4.2.x: Apply [4.2.1 Fix Pack 4 (4.2.1.10) or higher](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.2.1.0&platform=All&function=all>) . \nVersion 4.1.x: Apply [4.1.1 Fix Pack 6 (4.1.1.12) or higher](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.1.1.0&platform=All&function=all>) . \nVersions 4.0.x,3.2.x, 3.1.x, and 3.0.x: For versions earlier than 4.x.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-21T15:17:05", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in WebSphere liberty related to DOS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-21T15:17:05", "id": "D0E9A6FEA2999AD188DFACA4CDB52E09ADE22AA518CBD8BB87F91A5E6058C8B4", "href": "https://www.ibm.com/support/pages/node/6207088", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:51:13", "description": "## Summary\n\nNovalink uses WebSphere Application Server Liberty. There is a denial of service in high vulnerability in WebSphere Application Server Liberty. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNovaLink| 1.0.0.13 \nNovaLink| 1.0.0.15 \n \n## Remediation/Fixes\n\nThe recommended solution is to upgrade to Novalink version 1.0.0.16\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-07T12:35:07", "type": "ibm", "title": "Security Bulletin: Novalink is impacted by denial of service high vulnerability in WebSphere Application Server Liberty CVE-2019-4720", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-09-07T12:35:07", "id": "6C0B46071036140AA51372906322730888C9E7399B10A1E9F089A640862B19CC", "href": "https://www.ibm.com/support/pages/node/6327175", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:03", "description": "## Summary\n\nWebSphere liberty is vulnerable to a DOS that is impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Knowledge Catalog for IBM Cloud Pak for Data| 2.5 \n \n\n\n## Remediation/Fixes\n\nInstall wkc-patch-3.0.0.5 for IBM Cloud Pak for Data. \n\nContact IBM support for more details.\n\n## Workarounds and Mitigations\n\nNone. WebSphere Liberty must be upgraded.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-28T19:42:34", "type": "ibm", "title": "Security Bulletin: Vulnerability in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-28T19:42:34", "id": "D5F5876D51E1333B156D6BAB7A3B9B711BB9B026AF79134525B9F927D3CE884B", "href": "https://www.ibm.com/support/pages/node/6202553", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:44:42", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0, 8.2.1, 8.2.2\n\n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0| IBM WebSphere Application Server 7.0| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1| IBM WebSphere Application Server 7.0, 8.5| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.2| IBM WebSphere Application Server 8.5| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-19T03:18:21", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-02-19T03:18:21", "id": "D48F5D967CAB789B94C7E1D084F92F01492F6ACFBE7DCFCADD9E3FE725B16F75", "href": "https://www.ibm.com/support/pages/node/2929815", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:23", "description": "## Summary\n\nIBM Event Streams has addressed the following vulnerability\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Event Streams| 2019.2.1 \n \nIBM Event Streams in IBM Cloud Pak for Integration\n\n| \n\n2019.2.2 \n \nIBM Event Streams in IBM Cloud Pak for Integration\n\n| \n\n2019.2.3 \n \nIBM Event Streams\n\n| \n\n2019.4.1 \n \nIBM Event Streams in IBM Cloud Pak for Integration\n\n| 2019.4.1 \n \n## Remediation/Fixes\n\nUpgrade from IBM Event Streams 2019.2.1 to IBM Event Streams 2019.4.1 by downloading IBM Event Streams 2019.4.1 from [IBM Passport Advantage](<https://www.ibm.com/software/passportadvantage/pao_customer.html>).\n\nUpgrade from IBM Event Streams 2019.4.1 to the [latest Fix Pack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Event+Streams&release=2019.4.1&platform=All&function=fixId&fixids=*IBM-Event-Streams*>).\n\nUpgrade IBM Event Streams 2019.2.2, IBM Event Streams 2019.2.3 and IBM Event Streams 2019.4.1 in IBM Cloud Pak for Integration by downloading IBM Event Streams 2019.4.2 in IBM Cloud Pak for Integration 2020.2.1 from [IBM Passport Advantage](<https://www.ibm.com/software/passportadvantage/pao_customer.html>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-11T16:10:40", "type": "ibm", "title": "Security Bulletin: IBM Event Streams is affected by WebSphere Liberty Profile vulnerability CVE-2019-4720", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-11T16:10:40", "id": "036EA0A600E846F6A02DD17117A50C0F70F9BAD404250267597F62555F45EA04", "href": "https://www.ibm.com/support/pages/node/6205727", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:52:05", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1. Information about a security vulnerability affecting IBM WebSphere Application Server has beFor V7.0.0.0 through 7.0.0.45:en published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.1| [WebSphere Application Server is vulnerable to a denial of service](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service\" )\n\nSee section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-13T10:26:12", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-4720"], "modified": "2020-08-13T10:26:12", "id": "A19C7DB3D10F228B0E192F9FC45BA5C4EA1CC1B39C3D650FC46AC90A6A37E1CD", "href": "https://www.ibm.com/support/pages/node/6259379", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:44:14", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Application Server, used by IBM Spectrum Scale, which could allow a remote attacker to cause a denial of service.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nThe Elastic Storage Server 5.3.0 thru 5.3.5.2 \nThe Elastic Storage Server 5.0.0 thru 5.2.9 \nThe Elastic Storage Server 4.5.0 thru 4.6.0 \nThe Elastic Storage Server 4.0.0 thru 4.0.6\n\n \n \n\n\n## Remediation/Fixes\n\nFor IBM Elastic Storage Server V5.0.0 thru 5.3.5.2, apply V5.3.6 available from FixCentral at:\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&amp;release=5.3.0&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+%28ESS%29&release=5.3.0&platform=All&function=all>)\n\nFor IBM Elastic Storage Server V5.0.0 thru 5.2.9, apply V5.2.10 available from FixCentral at:\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&amp;release=5.2.0&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+%28ESS%29&release=5.2.0&platform=All&function=all>)\n\nIf you are unable to upgrade to ESS 5.3.6 or 5.2.10, contact IBM Service to obtain an efix:\n\n\\- For IBM Elastic Storage Server 5.3.0-5.3.5.2, reference APAR IJ24119 \n\\- For IBM Elastic Storage Server 5.0.0- 5.2.9, reference APAR IJ24099 \n\\- For IBM Elastic Storage Server 4.0.0 - 4.6.0, reference APAR IJ24099\n\nTo contact IBM Service, see <http://www.ibm.com/planetwide/>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-06T13:08:46", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-08-06T13:08:46", "id": "8C188C0D2A0502498EFDA98119EA020FAB6FAE0E7E28A0DEC0BD7B63D17039AB", "href": "https://www.ibm.com/support/pages/node/6192885", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:07", "description": "## Summary\n\nTXSeries for Multiplatforms has addressed the following vulnerability reported by IBM\u00ae WebSphere Application Server liberty \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM TXSeries for Multiplatforms| 9.1.0.0 - 9.1.0.1 \nIBM TXSeries for Multiplatforms| 8.2.0.0 - 8.2.0.2 \nIBM TXSeries for Multiplatforms| 8.1.0.0 - 8.1.0.2 \n \n\n\n## Remediation/Fixes\n\nProduct| Version| Defect| Remediation / First Fix \n---|---|---|--- \nIBM TXSeries for Multiplatforms v9.1| \n\n9.1.0.0\n\n9.1.0.1\n\n| 126164| [Fix Central Link](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_9.1_SpecialFix_032020&source=SAR>) \nIBM TXSeries for Multiplatforms v8.2| \n\n8.2.0.0\n\n8.2.0.1\n\n8.2.0.2\n\n| 126164| [Fix Central Link](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_8.2_SpecialFix_032020&source=SAR>) \nIBM TXSeries for Multiplatforms v8.1| \n\n8.1.0.0\n\n8.1.0.1\n\n8.1.0.2\n\n| 126164| [Fix Central Link](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_8.1_SpecialFix_032020&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-27T13:53:37", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server is vulnerable to a denial of service that affect TXSeries for Multiplatforms", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-27T13:53:37", "id": "6A6D3443974438B65979A6338422445099F3CA76DB149428DB7450AB644D4F69", "href": "https://www.ibm.com/support/pages/node/6201736", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:55:15", "description": "## Summary\n\nIBM MobileFirst Platform Foundation has addressed the following vulnerability: WebSphere liberty is vulnerable to a DOS\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM MobileFirst Foundation| 8.0.0.0 - ICP, IKS or using the scripts (BYOL), OCP/ICPA \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM MobileFirst Platform Foundation| 8.0.0.0| Download the iFix from [IBM MobileFirst Platform Foundation on FixCentral](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+MobileFirst+Platform+Foundation&fixids=8.0.0.0-MFPF-IF202004271027&source=SAR> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-01T04:03:38", "type": "ibm", "title": "Security Bulletin: WebSphere liberty is vulnerable to a DOS (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-01T04:03:38", "id": "467CF97BCB360927DBFFE98B67B787639BE1F772AB145EC498B8B01C4AC15F2C", "href": "https://www.ibm.com/support/pages/node/6218304", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:52", "description": "## Summary\n\nIBM WebSphere Application Server is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Products and Versions:\n\nAffected Product(s)\n\n| \n\nVersion(s) \n \n---|--- \n \nIBM Control Center\n\n| \n\n6.0.0.0 through 6.0.0.2 iFix08 \n \nIBM Control Center\n\n| \n\n6.1.0.0 through 6.1.2.1 iFix02 \n \n \n\n\n## Remediation/Fixes\n\nRemediation/Fixes: \n\nProduct\n\n| \n\nVRMF\n\n| \n\niFix\n\n| \n\nRemediation \n \n---|---|---|--- \n \nIBM Control Center\n\n| \n\n6.0.0.2\n\n| \n\niFix09\n\n| \n\n[Fix Central - 6.0.0.2](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.0.0.2&platform=All&function=all>) \n \nIBM Control Center\n\n| \n\n6.1.2.1\n\n| \n\niFix02\n\n| \n\n[Fix Central - 6.1.2.1](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.1.2.1&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-04T21:42:24", "type": "ibm", "title": "Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-04T21:42:24", "id": "ACBEAC66D4C77E6E0A8CA29C8E2103087D2D4C85F414F793D1FC336B951FB25C", "href": "https://www.ibm.com/support/pages/node/6205779", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:54:46", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Tivoli Business Service Manager 6.1.0 all Fixpacks \nIBM Tivoli Business Service Manager 6.1.1 all Fixpacks \nIBM Tivoli Business Service Manager 6.2.0.0 \u2013 6.2.0.2 Interim Fix 1\n\n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is shipped with IBM Tivoli Business Service Manager. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Business Service Manager 6.1.0 \nIBM Tivoli Business Service Manager 6.1.1| IBM WebSphere Application Server 7.0| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \nIBM Tivoli Business Service Manager 6.2.0| IBM WebSphere Application Server 8.5| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-19T05:46:52", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Business Service Manager (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-19T05:46:52", "id": "ED5493758E1BB2264B2528B7BFDF7459C01FEC351EDA1D8EA5F345B3F0121AD0", "href": "https://www.ibm.com/support/pages/node/6235666", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:52:05", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Network Manager versions 4.1.1 and 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.1.1 \nITNM| 3.9 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.1.1| [WebSphere Application Server is vulnerable to a denial of service](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service\" )\n\nSee section: **For V7.0.0.0 through 7.0.0.45:** \n \nITNM| 3.9| \n\n[WebSphere Application Server is vulnerable to a denial of service](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service\" )\n\nSee section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-13T10:24:09", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-4720"], "modified": "2020-08-13T10:24:09", "id": "264C02DB84560D43F15B55FC00827F64C8C799EB4813FAD5C111008C8E131691", "href": "https://www.ibm.com/support/pages/node/6259377", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-24T05:44:47", "description": "## Summary\n\nWebsphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPredictive Customer Intelligence versions 1.0, 1.0.1, 1.1, 1.1.1, 1.1.2\n\n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1| Websphere Application Server 8.5.5| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \nPredictive Customer Intelligence 1.1 and 1.1.1| Websphere Application Server 8.5.5.6| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \nPredictive Customer Intelligence 1.1.2| Websphere Application Server 9.0.0.4| [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-18T15:37:43", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-02-18T15:37:43", "id": "F0F6B314EFF00F10A24D71AC701C8D020FAE17292397195CFCABDAC91A29CD99", "href": "https://www.ibm.com/support/pages/node/2861697", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:39", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Security Key Lifecycle Manager | 4.0 \n \n## Remediation/Fixes\n\nPlease consult the [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-denial-service-cve-2019-4720> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-08T21:52:07", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-08T21:52:07", "id": "F3F782D7C52FB7EDB2E3360618EA58B1F3470CCF5FC14BCA7DB46A5535A7293A", "href": "https://www.ibm.com/support/pages/node/6173643", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:14", "description": "## Summary\n\nVulnerability CVE-2019-4720 exists in IBM WebSphere Liberty Profile used by IBM Spectrum Symphony 7.3.0.1, 7.3, 7.2.1, 7.2.0.2 and 7.1.2, and IBM Platform Symphony 7.1.1. Interim fixes that provide instructions on upgrading the IBM WebSphere Liberty Profile package to version 20.0.0.3 are available on IBM Fix Central. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n_**Affected Products**_| _**Versions**_ \n---|--- \nIBM Spectrum Symphony| 7.3.0.1 \nIBM Spectrum Symphony| 7.3 \nIBM Spectrum Symphony| 7.2.1 \nIBM Spectrum Symphony| 7.2.0.2 \nIBM Spectrum Symphony| 7.1.2 \nIBM Platform Symphony| 7.1.1 \n \n\n\n## Remediation/Fixes\n\n_**Products**_| _**VRMF**_| _**APAR **_| _**Remediation/First Fix **_ \n---|---|---|--- \nIBM Spectrum Symphony| 7.3.0.1| P103512| [sym-7.3.0.1-build545449](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.0.1-build545449&includeSupersedes=0> \"sym-7.3.0.1-build545449\" ) \nIBM Spectrum Symphony| 7.3| P103511| [sym-7.3-build545448](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build545448&includeSupersedes=0> \"sym-7.3-build545448\" ) \nIBM Spectrum Symphony| 7.2.1| P103510| [sym-7.2.1-build545447](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build545447&includeSupersedes=0> \"sym-7.2.1-build545447\" ) \nIBM Spectrum Symphony| 7.2.0.2| P103509| [sym-7.2.0.2-build545446](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build545446&includeSupersedes=0> \"sym-7.2.0.2-build545446\" ) \nIBM Spectrum Symphony| 7.1.2| P103508| [sym-7.1.2-build545445](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.2-build545445&includeSupersedes=0> \"sym-7.1.2-build545445\" ) \nIBM Platform Symphony| 7.1.1| P103507| [sym-7.1.1-build545444](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.1-build545444&includeSupersedes=0> \"sym-7.1.1-build545444\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-22T06:52:59", "type": "ibm", "title": "Security Bulletin: Vulnerability in IBM WebSphere Liberty Profile affects IBM Spectrum Symphony and IBM Platform Symphony", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-22T06:52:59", "id": "D9E8D125D2A5D32BB22B755D0193D28F3F5DE0A694D5EF40ABD49E19443F4CBE", "href": "https://www.ibm.com/support/pages/node/6195842", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:16", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as component of IBM Cloud Pak System. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Affected Versions(s)**| **Affected Supporting Product and Version** \n---|--- \nIBM Cloud Pak System All releases| WebSphere Application Server: \n\n * Liberty\n * Version 9.0\n * Version 8.5 \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-07T13:14:44", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Application Server shipped as component of Cloud Pak System is vulnerable to a denial of service (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-07-07T13:14:44", "id": "6E15388FEC4AEF961ACD45CDEA784062121BF39A5E1909E3C780D0C5147A52E5", "href": "https://www.ibm.com/support/pages/node/6208265", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:44:18", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli System Automation Application Manager| 4.1 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with IBM Tivoli System Automation Application Manager. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli System Automation Application Manager 4.1| WebSphere Application Server 8.5| \n\n# [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-26T07:15:15", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-02-26T07:15:15", "id": "1A86238F7F143F1D2CDCAF13A7A5121E2734C20B015C44303B08AB3756ADAA1C", "href": "https://www.ibm.com/support/pages/node/3510741", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:47:00", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. This issue allows a remote attacker to cause a denial of service.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n**DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM License Metric Tool | All \n \n## Remediation/Fixes\n\nUpgrade to version 9.2.19 or later using the following procedure: \n\n * In BigFix console, expand IBM License Reporting (ILMT) node under Sites node in the tree panel.\n * Click Fixlets and Tasks node. Fixlets and Tasks panel will be displayed on the right.\n * In the Fixlets and Tasks panel locate _Upgrade to the latest version of IBM License Metric Tool __9.x _fixlet and run it against the computer that hosts your server.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-27T07:46:58", "type": "ibm", "title": "Security Bulletin: A security vulnerabilities has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 (CVE-2019-4720).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-03-27T07:46:58", "id": "72FDC7ACE37453A4C45D6056B76A38DAB964209EA3654296776CF200F9BBCFD0", "href": "https://www.ibm.com/support/pages/node/6123519", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:55:09", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version** \n---|--- \nWebGUI 8.1.0 GA and FP| Websphere Application Server 8.5 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-05T05:02:21", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-05T05:02:21", "id": "B7D7C09AA3957447FD5B3D3BD6AAD56CD3C7645746D04D52839C4B2817CED9A1", "href": "https://www.ibm.com/support/pages/node/6220408", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:43:58", "description": "## Summary\n\nThis security bulletin addresses the Denial of Service (DOS) vulnerability that has been found to impact Websphere Liberty in IBM Tivoli Application Dependency Discovery Manager.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n**DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager | 7.3.0 (7.3.0.3 - 7.3.0.7) \n \n## Remediation/Fixes\n\n**_Directions for interim efix application:_**\n\n * **For TADDM 7.3.0.5 and 7.3.0.6 environment:**\n\nCheck the websphere version installed using any of the below three commands:\n\n 1. $COLLATION_HOME/external/wlp/bin/server version\n 2. $COLLATION_HOME/external/wlp/bin/productInfo version\n 3. cd $COLLATION_HOME/external/wlp; cat README.TXT |head -1\n * If Websphere version output is \u201c8.5.5.8\u201d, then please first apply the efix of WebSphere 20.0.0.1 which was released earlier and can be found at below link:\n\n[https://www.ibm.com/support/pages/node/5693217](<https://www.ibm.com/support/pages/node/5693193>)\n\nThen proceed to apply the below interim efix efix_WLP_20001_InterimFix_FP7200218.zip of websphere.\n\n * If Websphere version output above is \u201c20.0.0.1\u201d then apply the interim efix efix_WLP_20001_InterimFix_FP7200218.zip directly.\n\n * **For TADDM 7.3.0.7 environment:**\n\nThe websphere version has been upgraded to 20.0.0.1 in 7.3.0.7 but as a precautionary measure, please check the version before application of any fixes. With version 20.0.0.1, the interim fix efix_WLP_20001_InterimFix_FP7200218.zip can be applied directly.\n\nThe interim efix details are as follows:\n\nFix | VRMF | APAR | How to acquire fix \n---|---|---|--- \n \nefix_WLP_20001_InterimFix_FP7200218.zip\n\n| 7.3.0.5 - 7.3.0.7 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=tUeuOXu7AZ3srGaop3dwIZ38LT43dQ2m3SooMX9NOL0> \"Download eFix\" ) \n \n**Note**: Before TADDM 7.3.0.5, Java 7 was used and the upgraded Liberty version 20.0.0.1 requires Java8. Hence, no eFix can be provided for versions before 7.3.0.5.\n\n## Workarounds and Mitigations\n\nFor customers on TADDM FixPack 3 or FixPack 4, recommendation is to upgrade to a later version and then follow the steps mentioned above.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-22T12:32:50", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to Denial of Service (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-10-22T12:32:50", "id": "104E5358C09C4A12262672713C06CC3321584D57C3884021EB6B32EED2C9E8BC", "href": "https://www.ibm.com/support/pages/node/6200504", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:12", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM OpenPages with Waston. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)** | ** ****Affected Supporting Product and Version** \n---|--- \nIBM OpenPages with Watson 8.1 | IBM WebSphere Application Server 9.0.0.10 \nIBM OpenPages GRC Platform 7.4/8.0 | IBM WebSphere Application Server 9.0.0.3 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [IBM WebSphere Application Server](<https://www.ibm.com/support/pages/node/1285372> \"IBM WebSphere Application Server\" ) for remediation details.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-04-23T04:01:54", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM OpenPages with Watson (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-23T04:01:54", "id": "932925E1037ED82721BC6DC142A9C2642FF0DE1519D1063C1E121B0FF0B92345", "href": "https://www.ibm.com/support/pages/node/6194769", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-24T05:44:53", "description": "## Summary\n\nThere is a denial of service vulnerablility in WebSphere Application Server. \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n**DESCRIPTION: **IBM WebSphere Application Server is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nWebSphere Application Server | 9.0 \nWebSphere Application Server | 7.0 \nWebSphere Application Server | 8.0 \nWebSphere Application Server | 8.5 \nWebSphere Application Server Liberty | Continuous Delivery \n \n## Remediation/Fixes\n\nThe recommended solution is to apply the interim fix, Fix Pack or PTF containing the APAR for each named product as soon as practical. \n\n**For WebSphere Application Server Liberty:**\n\n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH19528](<https://www.ibm.com/support/pages/node/1284580> \"PH19528\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 20.0.0.2 or later (targeted availability 1Q2020).\n\n**For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:**\n\n**For V9.0.0.0 through 9.0.5.2:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH19528](<https://www.ibm.com/support/pages/node/1284580> \"PH19528\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.5.3 or later (targeted availability 1Q2020).\n\n**For V8.5.0.0 through 8.5.5.17:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH19528](<https://www.ibm.com/support/pages/node/1284580> \"PH19528\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.18 or later (targeted availability 3Q2020).\n\n**For V8.0.0.0 through 8.0.0.15:** \n\u00b7 Upgrade to 8.0.0.15 and then apply Interim Fix [PH19528](<https://www.ibm.com/support/pages/node/1284580> \"PH19528\" ) \n\n\n**For V7.0.0.0 through 7.0.0.45:** \n\u00b7 Upgrade to 7.0.0.45 and then apply Interim Fix [PH19528](<https://www.ibm.com/support/pages/node/1284580> \"PH19528\" ) \n\n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n_WebSphere Application Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. _\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-17T13:24:23", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-02-17T13:24:23", "id": "BFD3B2B780AE5E2B57758FF9D1854E539D0BDD7480D41CE99BA69E3C8264005C", "href": "https://www.ibm.com/support/pages/node/1285372", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:54", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Application Server, used by IBM Spectrum Scale, which could allow a remote attacker to cause a denial of service.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Spectrum Scale V5.0.0.0 through V5.0.4.3\n\nIBM Spectrum Scale V4.2.0.0 through V4.2.3.20\n\n## Remediation/Fixes\n\nFor IBM Spectrum Scale V5.0.0.0 thru 5.0.4.3, apply V5.0.4.4 available from FixCentral at:\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Spectrum+Scale&amp;release=5.0.4&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.4&platform=All&function=all>)\n\nFor IBM Spectrum Scale V4.2.0.0 thru V4.2.3.20, apply V4.2.3.21 available from FixCentral at:\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Spectrum+Scale&amp;release=4.2.3&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.2.3&platform=All&function=all> \"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.2.3&platform=All&function=all\" )\n\nIf you cannot apply the latest level of service, contact IBM Service for an efix:\n\n\\- For IBM Spectrum Scale V5.0.0.0 through V5.0.4.3, reference APAR ** IJ24119**\n\n\\- For IBM Spectrum Scale V4.2.0.0 through V4.2.3.20, reference APAR **IJ24099**\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-02T17:55:11", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-02T17:55:11", "id": "A3C55652F9A1A6B8950F7BED8B0E4416B16DE12D384B96E9E34E2D40FA65D07B", "href": "https://www.ibm.com/support/pages/node/6192879", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:42:39", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-denial-service-cve-2019-4720> \"WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-27T08:14:51", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-27T08:14:51", "id": "6FA137EFE432E9DB974E04AE47D6A29DE89F27AF0B1E37EBA756CFF32ADEDFD7", "href": "https://www.ibm.com/support/pages/node/1288102", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:13", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Elastic Storage System 3000, which could allow a remote attacker to cause a denial of service.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Elastic Storage System 3000| 6.0.0 through 6.0.0.1 \n \n## Remediation/Fixes\n\nFor IBM Elastic Storage System 3000 V6.0.0 thru 6.0.0.1, apply V6.0.0.2 available from FixCentral at:\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&amp;release=6.0.0&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+%28ESS%29&release=6.0.0&platform=All&function=all>)\n\nIf you are unable to upgrade to ESS 3000 V6.0.0.2, contact IBM Service to obtain an efix:\n\n\\- For IBM Elastic Storage System 6.0.0 - 6.0.0.1, reference APAR **IJ24119**\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-22T12:18:59", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage System 3000(CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-22T12:18:59", "id": "5D8C40983A1BCB78D36B7DF2374D6AE029F0F4282200D955A0BBA8DB40749562", "href": "https://www.ibm.com/support/pages/node/6192891", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:17", "description": "## Summary\n\nThere is a denial of server vulnerability in IBM WebSphere Liberty Profile used by IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0, IBM Spectrum Conductor 2.3.0, and IBM Spectrum Conductor with Spark 2.2.1. IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0, IBM Spectrum Conductor 2.3.0, and IBM Spectrum Conductor with Spark 2.2.1 have addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Spectrum Conductor| 2.2.1 \nIBM Spectrum Conductor| 2.4 \nIBM Spectrum Conductor| 2.4.1 \nIBM Spectrum Conductor| 2.3 \n \n\n\n## Remediation/Fixes\n\nProduct(s)| Version(s)| APAR| Remediation/Fixes \n---|---|---|--- \nIBM Spectrum Conductor with Spark| 2.2.1| None| [cws-2.2.1-build545141](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=cws-2.2.1-build545141&includeSupersedes=0> \"cws-2.2.1-build545141\" ) \nIBM Spectrum Conductor| 2.3.0| None| [sc-2.3-build545140](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.3-build545140&includeSupersedes=0> \"sc-2.3-build545140\" ) \nIBM Spectrum Conductor| 2.4.0| None| [sc-2.4-build545139](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.4-build545139&includeSupersedes=0> \"sc-2.4-build545139\" ) \nIBM Spectrum Conductor| 2.4.1| None| [sc-2.4.1-build545138](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.4.1-build545138&includeSupersedes=0> \"sc-2.4.1-build545138\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-20T07:17:35", "type": "ibm", "title": "Security Bulletin: A denial of service vulnerability in IBM WebSphere Liberty Profile affects IBM Spectrum Conductor and IBM Spectrum Conductor with Spark", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-20T07:17:35", "id": "3B6FFA1802620B3837E9241495B519A902FD546289DECADF7240559B78CE4CDA", "href": "https://www.ibm.com/support/pages/node/6195363", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:27", "description": "## Summary\n\nIBM WebSphere\u00ae Application Server is shipped with IBM\u00ae Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere\u00ae Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM\u00ae Intelligent Operations Center V1.5.0, V1.5.0.1, V1.5.0.2, V1.6.0, V1.6.0.1, V1.6.0.2, V1.6.0.3, V5.1.0, V5.1.0.1, V5.1.0.2, V5.1.0.3, V5.1.0.4, V5.1.0.5, V5.1.0.6, V5.1.0.7, V5.1.0.8, V5.1.0.9, V5.1.0.10, V5.1.0.11, V5.1.0.12, V5.1.0.13, V5.1.0.14, V5.2.0, and V5.2.1| IBM WebSphere\u00ae Application Server V7.0, V8.0, V8.5, V9.0, and Liberty \nIBM\u00ae Intelligent Operations Center for Emergency Management V1.6, V5.1.0, V5.1.0.1, V5.1.0.2, V5.1.0.3, V5.1.0.4, V5.1.0.5, and V5.1.0.6| \nIBM\u00ae Water Operations for Waternamics V5.1, V5.2.0, V5.2.0.1, V5.2.0.2, V5.2.0.3, V5.2.0.4, V5.2.0.5, V5.2.0.6, V5.2.1, and V5.2.1.1| \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-14T14:54:47", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere\u00ae Application Server shipped with IBM\u00ae Intelligent Operations Center (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-14T14:54:47", "id": "B7D99DF4C04CF5F3A2B3D2119C254ABE8CDD229DB7014A05C47081E83C530B8F", "href": "https://www.ibm.com/support/pages/node/6189699", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:28", "description": "## Summary\n\nIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM Performance Management has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud APM, Base Private| 8.1.4 \nIBM Cloud APM, Advanced Private| 8.1.4 \nIBM Cloud APM| 8.1.4 \n \n## Remediation/Fixes\n\nIBM Cloud Application Performance Management, Base Private \n \nIBM Cloud Application Performance Management, Advanced Private| 8.1.4| \n\nThe vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0010 or later server patch to the system where the Cloud APM server is installed: <https://www.ibm.com/support/pages/node/6120993>\n\nThe vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0008 or later Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/pages/node/6125031> \n \n---|---|--- \n \nIBM Cloud Application Performance Management\n\n| N/A| \n\nThe vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0008 or later Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/pages/node/6125031> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-14T11:54:02", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-14T11:54:02", "id": "AFDFD85F2CF1D11E09505DD0597E9BCE253A4C4F2F99EBAF3B1A1745134605D2", "href": "https://www.ibm.com/support/pages/node/6173931", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:47:29", "description": "## Summary\n\nIBM Cloud Transformation Advisor has addressed the following vulnerability. CVE-2019-4720\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Transformation Advisor| 2.0.2 \n \n\n\n## Remediation/Fixes\n\nUpgrade to 2.0.3 or later\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-19T19:17:02", "type": "ibm", "title": "Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-03-19T19:17:02", "id": "35A8B908BE6A907E21280C68DBD7C12DD15E7AF64D1204CD2C6EEC2776BC0030", "href": "https://www.ibm.com/support/pages/node/6100456", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T21:41:11", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Application Server that is used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier versions. This issue was addressed by IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| All \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-denial-service-cve-2019-4720> \"WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) for vulnerability details and information about fixes for WebSphere Application Server. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-16T14:00:20", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Operations Analytics Predictive Insights (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-03-16T14:00:20", "id": "DDCF25AFD495DBD7D06398438314BF7845A2CEC74BFE45F295C9CE67BD318E39", "href": "https://www.ibm.com/support/pages/node/5967729", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:52:18", "description": "## Summary\n\nIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for Email| 4.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.0, 4.0.1| Use Content Collector for Email 4.0.1.9 [Interim Fix IF006](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.9-IBM-ICC-IF006&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-06T15:58:44", "type": "ibm", "title": "Security Bulletin: Embedded WebSphere application server is vulnerable to a denial of service affect Content Collector for Email", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-08-06T15:58:44", "id": "0E954BE815796B26C7D4ABE2BCCC21DC5663BE0814B4E5F3C1EFE68319DD65E2", "href": "https://www.ibm.com/support/pages/node/6257105", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:54:19", "description": "## Summary\n\nIBM WebSphere Application Server used by Rational Asset Analyzer is vulnerable to a denial of service, caused by sending a specially-crafted request. .\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAsset Analyzer (RAA)| 6.1.0.0 - 6.1.0.23 \n \n\n\n## Remediation/Fixes\n\nRAA fixpack 23 refresh 1| [Windows](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=Windows&function=all> \"Windows\" ) \n---|--- \nRAA fixpack 23 refresh 1| [z/OS](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=z/OS&function=all> \"z/OS\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-30T19:19:49", "type": "ibm", "title": "Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in Websphere Application Server.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-30T19:19:49", "id": "A723DDE407BAD02EA174056C8472D7F717073A89A2422790546E09A7047E1824", "href": "https://www.ibm.com/support/pages/node/6242308", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:54:18", "description": "## Summary\n\nIBM WebSphere Application Server used by Rational Asset Analyzer is vulnerable to a denial of service, caused by sending a specially-crafted request. .\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nAsset Analyzer (RAA)| 6.1.0.0 - 6.1.0.23 \n \n\n\n## Remediation/Fixes\n\nRAA fixpack 23 refresh 1| [Windows](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=Windows&function=all> \"Windows\" ) \n---|--- \nRAA fixpack 23 refresh 1| [z/OS](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=z/OS&function=all> \"z/OS\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-30T20:09:05", "type": "ibm", "title": "Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in Websphere Application Server.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-30T20:09:05", "id": "92632CCF2E5D968091A91A66449BF402408AACCDD70624AA9ACC2E9C6CAE4822", "href": "https://www.ibm.com/support/pages/node/6242380", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:55:47", "description": "## Summary\n\nIBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.0 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.0\n * IBM Cloud Private 3.2.1\n\nFor IBM Cloud Private 3.2.0, apply March fix pack:\n\n * [IBM Cloud Private 3.2.0.2003](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private&fixids=icp-3.2.0.2003-build547200-36007&source=myna&myns=swgother&mynp=OCSSBS6K&mync=E&cm_sp=swgother-_-OCSSBS6K-_-E&function=fixId&parent=ibm/WebSphere> \"IBM Cloud Private 3.2.0.2003\" )\n\n \n\n\nFor IBM Cloud Private 3.2.1, apply March fix pack:\n\n * [IBM Cloud Private 3.2.1.2003](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private&fixids=icp-3.2.1.2003-build547202-36013&source=myna&myns=swgother&mynp=OCSSBS6K&mync=E&cm_sp=swgother-_-OCSSBS6K-_-E&function=fixId&parent=ibm/WebSphere> \"IBM Cloud Private 3.2.1.2003\" )\n\nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2:\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.1. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-10T17:47:50", "type": "ibm", "title": "Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-10T17:47:50", "id": "AF1E7C0E7AEB6A7745DD28859766C9018DBFD2ECD10FE9D39C7EEB35939A2141", "href": "https://www.ibm.com/support/pages/node/6208293", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:53:38", "description": "## Summary\n\nThere is a denial of service vulnerablility in WebSphere Application Server\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Common Reporting| 3.1.3 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n\n**Tivoli Common Reporting Release \n**| **Remediation** \n---|--- \n3.1.3| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-21T15:54:11", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Common Reporting: TCR, a part of IBM Jazz for Service Management (JazzSM) is vulnerable to a denial of service (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-07-21T15:54:11", "id": "D749198CFA398E3FE70DB177828133BCFDE49DD1D6A4B6CD094FCE9101F991A4", "href": "https://www.ibm.com/support/pages/node/6251241", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:59", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 3.9 &amp; 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server, has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.2.0.x \nITNM| 3.9 \nITNM| 4.1.1.x \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.2.0.x| Please refer to section \"**For V8.5.0.0 through 8.5.5.17:**\" of [WebSphere Application Server is vulnerable to a denial of service](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service\" ) \nITNM| 4.1.1.x| Please refer to section \"**For V7.0.0.0 through 7.0.0.45:**\" of [WebSphere Application Server is vulnerable to a denial of service](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service\" ) \nITNM| 3.9.x| Please refer to section \"**For V7.0.0.0 through 7.0.0.45:**\" of [WebSphere Application Server is vulnerable to a denial of service](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-04-30T15:34:47", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-4720"], "modified": "2020-04-30T15:34:47", "id": "44307B44119A69F2A7E2E3CC5B1FD7B80E121C1C95887759C5496379420C526E", "href": "https://www.ibm.com/support/pages/node/6204024", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-24T05:46:25", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Versions\n\n| Affected Supporting Product and Versions \n---|--- \n \nIBM Case Manager 5.1.1\n\nIBM Case Manager 5.2.0 \nIBM Case Manager 5.2.1 \nIBM Case Manager 5.3.0 \nIBM Case Manager 5.3.1 \nIBM Case Manager 5.3.2 \nIBM Case Manager 5.3.3\n\n| \n\nIBM WebSphere Application Server 7.0\n\nIBM WebSphere Application Server 8.0\n\nIBM WebSphere Application Server 8.5 \nIBM WebSphere Application Server 9.0 \n \n## Remediation/Fixes\n\nReview security bulletin [Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-31T19:57:48", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-01-31T19:57:48", "id": "DB96F671D2C03801FFDB9E0404F5E6EB5CE8F28F9A4DF89501AEDFCF7E039266", "href": "https://www.ibm.com/support/pages/node/1288300", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:46:29", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nWebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * Liberty\n * Version 9.0\n * Version 8.5\n * Version 8.0 \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-30T22:05:17", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server bundled with IBM WebSphere Application Server Patterns is vulnerable to a denial of service (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-01-30T22:05:17", "id": "1789DD677115A931C8718DBD3105CB40D233231B07926E1BCDDA0E9CBB32C539", "href": "https://www.ibm.com/support/pages/node/1285492", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:37", "description": "## Summary\n\nWebSphere liberty is vulnerable to a DOS\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nICP - Compare &amp; Comply| All \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Compare and Comply for IBM Cloud Pak for Data 1.1.8. To download the software, go to Passport Advantage, then search for \"watson compare and comply for ICP for Data\", then select IBM Watson Compare and Comply for ICP for Data V1.1.8 Linux English , part number CC6J1EN.\n\n.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-14T17:49:48", "type": "ibm", "title": "Security Bulletin: Vulnerability in embedded IBM Websphere Application Server Liberty affects IBM Watson Compare and Comply for IBM Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-14T17:49:48", "id": "AE00FB59C4C5890B5FB641690EEA9F234AE860A6025824F78EBD0F309BF503F1", "href": "https://www.ibm.com/support/pages/node/6205963", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:44:10", "description": "## Summary\n\nThere is a denial of service vulnerablility in WebSphere Application Server. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nJazz for Service Management| 1.1.3 - 1.1.3.5 \n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nJazz for Service Management version 1.1.0 - 1.1.3.3 | \n\nWebsphere Application Server Full Profile 8.5.5\n\n| \n\n[Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) \n \n## Workarounds and Mitigations\n\nPlease refer to WAS interim fix.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-28T01:20:13", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server is vulnerable to a denial of service shipped with Jazz for Service Management (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-02-28T01:20:13", "id": "FE28B8898498A227E2220C2F9647F725699EEA511DFACC3A1387E05664F8B1CE", "href": "https://www.ibm.com/support/pages/node/3653385", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:55:23", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Key Lifecycle Manager| 4.0 \nIBM Security Key Lifecycle Manager| 3.0.1 \n \n## Remediation/Fixes\n\nPlease consult the following Security Bulletins:\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-denial-service-cve-2019-4720> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" )\n\nfor vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-28T20:47:55", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-05-28T20:47:55", "id": "583B4EC604B94C469C4DE44FF99FFC90AB1BE9C2A84ECBEDB90D7CDD5FE2E8CA", "href": "https://www.ibm.com/support/pages/node/6217187", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:46:30", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM WebSphere Remote Server - Product Family| 9.0, 8.5, 7.0 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n\nPrincipal Product and Version(s)\n\n| \n\nAffected Supporting Product and Version\n\n| \n\nAffected Supporting Product Security Bulletin \n \n---|---|--- \n \nWebSphere Remote Server \n9.0, 8.5, 7.0\n\n| \n\nWebSphere Application Server 9.0, 8.5, 8.0, 7.0\n\n| \n\n[WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-30T23:55:52", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-01-30T23:55:52", "id": "2A65FC125DA729940F7D04409677484F9FC90234EBEC407C2CC3CBD042F7D26C", "href": "https://www.ibm.com/support/pages/node/1285558", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:54:23", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Tivoli Netcool Impact. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool Impact 7.1.0| 7.1.0.0~7.1.0.18 \n \n \n\n\n## Remediation/Fixes\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM Tivoli Netcool Impact 7.1.0| _7.1.0.19_| _IJ24285_| [IBM Tivoli Netcool Impact 7.1.0 FP19](<https://www.ibm.com/support/pages/node/6210359> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-30T10:49:18", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-06-30T10:49:18", "id": "1C0D8FC2A9F7C68A34516E16D0E30997245D9487C0AA3C2F80109E35400A48A6", "href": "https://www.ibm.com/support/pages/node/6242158", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-05T17:41:53", "description": "## Summary\n\nIBM CICS TX on Cloud has addressed the following vulnerability reported by IBM\u00ae WebSphere Application Server Liberty \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX on Cloud| 10.1.0.0 \n \n\n\n## Remediation/Fixes\n\nProduct| Version| Defect| Remediation / First Fix \n---|---|---|--- \nIBM CICS TX on Cloud| 10.1.0.0| 126164| [Fix Central Link](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=IBM_CICSTX_on_Cloud_SpecialFIX_032020&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T20:49:24", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server is vulnerable to a denial of service that affect IBM CICS TX on Cloud", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2023-02-14T20:49:24", "id": "0676DC64D9FAAA5543CCE97F95B289A6DF997F20DD2C5C84724916098603BA58", "href": "https://www.ibm.com/support/pages/node/6201681", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-05T17:43:34", "description": "## Summary\n\nA WebSphere liberty vulnerability to a DOS has been fixed in Liberty 20.0.0.5. This fix is included in ICP Watson_Text_to_Speech, Speech to Text v1.1.2 (6/19/20). \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech to Text Customer Care| 1.0.1-1.1 \n \n\n\n## Remediation/Fixes\n\nA WebSphere liberty vulnerability to a DOS has been fixed in Liberty 20.0.0.5. This fix is included in ICP Watson_Text_to_Speech, Speech to Text v1.1.2 (6/19/20). Please download and install the latest version to receive this fix.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2023-01-12T21:59:00", "id": "92DDBBDC460D6543CB9BFE965F63EDA565CCD1EA4CB283723A921DEDE857ACC5", "href": "https://www.ibm.com/support/pages/node/6238342", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-05T17:50:26", "description": "## Summary\n\nWebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server (since 8.5.6), and User Management Service (since 18.0.0.1) in IBM Business Automation Workflow and IBM Business Process Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional and IBM WebSphere Application Server Liberty have been published.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| V19.0 \nV18.0 \nIBM Business Process Manager| V8.6 \nV8.5 \nV8.0 \nWebSphere Enterprise Service Bus| V7.5 \nV7.0 \n \nFor earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.\n\nNote that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.\n\n## Remediation/Fixes\n\nPlease consult the security bulletin: [WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-14T15:02:20", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2022-09-14T15:02:20", "id": "F1B3634B8733584864D98B4C436B7290E24275D03ABB8EEFDD4B8AA27AF04574", "href": "https://www.ibm.com/support/pages/node/1488741", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-05T17:47:53", "description": "## Summary\n\nThere is a denial of service vulnerablility in WebSphere Application Server.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nLiberty for Java| 3.37 \n \n\n\n## Remediation/Fixes\n\nTo upgrade to Liberty for Java 3.42-20200311-1540 or higher, you must re-stage or re-push your application \n\nTo find the current version of Liberty for Java in IBM Cloud being used, from the command-line Cloud Foundry client by running the following commands:\n\ncf ssh &lt;appname&gt; -c cat \"staging_info.yml\"\n\nLook for the following lines:\n\n{\"detected_buildpack\":\"Liberty for Java(TM) (WAR, liberty-19.0.0_9, buildpack-v3.37-20191002-1726, ibmjdk-1.8.0_sr5fp41-20190919, env)\",\"start_command\":\".liberty/initial_startup.rb\"}\n\nTo re-stage your application using the command-line Cloud Foundry client, use the following command:\n\ncf restage &lt;appname&gt;\n\nTo re-push your application using the command-line Cloud Foundry client, use the following command:\n\ncf push &lt;appname&gt;\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-07T16:01:56", "type": "ibm", "title": "Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a denial of service (CVE-2019-4720)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2022-10-07T16:01:56", "id": "7F64ABD83A792D617A2AF9021224D3891ACD98806409091724BD7F4981A1DEB7", "href": "https://www.ibm.com/support/pages/node/5967987", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-05T18:01:23", "description": "## Summary\n\nDenial of service vulnerability in the Apache CXF library used in WebSphere Application Server Liberty Core affect CICS Transaction Gateway Web Service requests. CICS Transaction Gateway addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCICS Transaction Gateway| v9.1.0.0 - 9.1.0.3 \nCICS Transaction Gateway| V9.2.0.0 - 9.2.0.2 \n \n\n\n## Remediation/Fixes\n\nUpgrade the WebSphere Application Server Liberty Core used by CICS TG Gateway daemon. Updated WebSphere Application Server Liberty Core files used by Gateway daemon are made available on Fix Central.\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \nCICS Transaction Gateway for Multiplatforms| 9.2.0.0 \n9.2.0.1 \n9.2.0.2| PH24764| [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&amp;fixids=92-CICSTG-Liberty-PH24764&amp;source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=92-CICSTG-Liberty-PH24764&source=SAR>) \nCICS Transaction Gateway for Multiplatforms| 9.1.0.0 \n9.1.0.1 \n9.1.0.2 \n9.1.0.3| PH24764| [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&amp;fixids=91-CICSTG-Liberty-PH24764&amp;source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=91-CICSTG-Liberty-PH24764&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-09T16:57:12", "type": "ibm", "title": "Security Bulletin: Potential denial of service vulnerability in the Apache CXF library used in WebSphere Application Server Liberty Core affect CICS Transaction Gateway", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2021-12-09T16:57:12", "id": "4B9B5973ECB6BF9D964D666AB84A86D0BE4913C96B2CD56E503C78B2893FB8AA", "href": "https://www.ibm.com/support/pages/node/6202462", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:45:06", "description": "## Summary\n\nThere are vulnerabilities in IBM WebSphere Application Server Liberty that affect Rhapsody DM.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRhapsody DM| 6.0.6 \nRhapsody DM| 6.0.6.1 \nRhapsody DM| 6.0.2 \n \n\n\n## Remediation/Fixes\n\nThe IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version, some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published. \n\nFor CLM applications version 6.0 to 6.0.6.1 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:[ \n](<https://www.ibm.com/support/pages/node/1127367> \"Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting \\(CVE-2019-4663\\)\" )[ \n](<https://www.ibm.com/support/pages/node/1127367> \"Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting \\(CVE-2019-4663\\)\" )[Security Bulletin: WebSphere Application Server is vulnerable to Apache Commons Beanutils (CVE-2019-10086)](<https://www.ibm.com/support/pages/node/1115085> \"Security Bulletin: WebSphere Application Server is vulnerable to Apache Commons Beanutils \\(CVE-2019-10086\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"Security Bulletin: WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" )\n\n[Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console (CVE-2019-4670)](<https://www.ibm.com/support/pages/node/1289152> \"Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console \\(CVE-2019-4670\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability (CVE-2020-4163)](<https://www.ibm.com/support/pages/node/1288786> \"Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability \\(CVE-2020-4163\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-13T14:42:12", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in WebSphere Application Server Liberty affect IBM Jazz technology", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10086", "CVE-2019-4663", "CVE-2019-4670", "CVE-2019-4720", "CVE-2020-4163"], "modified": "2020-02-13T14:42:12", "id": "567625FF8DF333D5C563E40EDFFF9516FF13EA40EAFE9A2E68635850284A1A44", "href": "https://www.ibm.com/support/pages/node/2403987", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:51", "description": "## Summary\n\nWebsphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Predictive Customer Intelligence| 1.0.0 \nIBM Predictive Customer Intelligence| 1.0.1 \nIBM Predictive Customer Intelligence| 1.1 \nIBM Predictive Customer Intelligence| 1.1.1 \nIBM Predictive Customer Intelligence| 1.1.2 \n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Versions**\n\n| \n\n**Affected Supporting Product Security Bulletin** \n \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1 | \n\nWebsphere Application Server 8.5.5\n\n| \n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222>) \n \nPredictive Customer Intelligence 1.1 and 1.1.1\n\n| \n\nWebsphere Application Server 8.5.5.6\n\n| \n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222>) \n \nPredictive Customer Intelligence 1.1.2\n\n| \n\nWebsphere Application Server 9.0.0.4\n\n| \n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-15T21:08:22", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-06-15T21:08:22", "id": "98753DD5A47155B43FDD85B8F35D8CA58ADD17824EBC1C028635D87D3D94F55C", "href": "https://www.ibm.com/support/pages/node/6232784", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:47:02", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nWebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * 9.0\n * 8.5\n * 8.0 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-26T16:32:54", "type": "ibm", "title": "Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server Bundled With IBM WebSphere Application Server Patterns (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-26T16:32:54", "id": "14082B1B5D41B7616A5E295FA25DD7F0E1BAF096180976605B25CBAB04D957BC", "href": "https://www.ibm.com/support/pages/node/6120789", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:53", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nWebSphere Service Registry and Repository V8.0 and V8.5 are affected.\n\n**Principle Product and Version(s)**| **Affected Supporting Product and Version(s)** \n---|--- \nWebSphere Service Registry and Repository V8.0| WebSphere Application Server V8.0 \nWebSphere Service Registry and Repository V8.5| WebSphere Application Server V8.5.5 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes: \n\n * [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/security-bulletin-privilege-escalation-vulnerability-websphere-application-server-cve-2020-4276> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-30T14:38:43", "type": "ibm", "title": "Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-30T14:38:43", "id": "5B1CAC420B37804647C541FAC183826F2E21797B0700F6651A1152500668559E", "href": "https://www.ibm.com/support/pages/node/6129207", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:56", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WebSphere Remote Server - Product Family| All \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nWebSphere Remote Server \n9.0, 8.5, 7.1, 7.0| WebSphere Application Server 9.0, 8.5, 8.0, 7.0| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-27T14:40:36", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-27T14:40:36", "id": "EDC8FA617866F99772D842D31A33C6C6C4A0DDAD538375D9285202B64BACC05D", "href": "https://www.ibm.com/support/pages/node/6124881", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:44:31", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli System Automation Application Manager| 4.1 \n \n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with IBM Tivoli System Automation Application Manager.\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli System Automation Application Manager 4.1| WebSphere Application Server 8.5| \n\n# [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-24T22:19:08", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-07-24T22:19:08", "id": "378BE0AE9115556839B6838DD143454A31F920F6E06B153C6C912D736A8A5E6B", "href": "https://www.ibm.com/support/pages/node/6124509", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:36", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \n| IBM Intelligent Operations Center V1.5.0, V1.5.0.1, V1.5.0.2, V1.6.0, V1.6.0.1, V1.6.0.2, and V1.6.0.3 \n--- \nIBM WebSphere Application Server V7.0, V8.0, V8.5, V9.0 \nIBM Intelligent Operations Center for Emergency Management V1.6| \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T09:02:46", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-04-10T09:02:46", "id": "E643425D7938402C778E161E848033FFD16F90BB75AD7E88227977F59105471B", "href": "https://www.ibm.com/support/pages/node/6175011", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:54", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nMaximo Asset Management 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6 \nMaximo for Oil and Gas 7.6 \nMaximo for Utilities 7.6 \nMaximo for Aviation 7.6 \nMaximo Linear Asset Manager 7.6 \nMaximo for Service Providers 7.6 \nMaximo Asset Health Insights 7.6\n\n| IBM WebSphere Application Server 9.0 \nIBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes: \n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-30T22:10:28", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-30T22:10:28", "id": "E477BE4D73F72972D5ED04AE1F52E86348D8674550100046AC9C2F465DC3514C", "href": "https://www.ibm.com/support/pages/node/6129579", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:55:05", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 3.9 &amp; 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.2.0.x \nITNM| 4.1.1.x \nITNM| 3.9.x \n \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.2.0.x| [Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee section **For V8.5.0.0 through 8.5.5.17:** \n \nITNM| 4.1.1.x| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee section **For V7.0.0.0 through 7.0.0.45:** \n \nITNM| 3.9.x| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee section **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-06-09T17:09:52", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4276"], "modified": "2020-06-09T17:09:52", "id": "5F3403ED8D02DAA10FBA538CB4DCF56BD8B109CAED21CA46B345AAC79FF9F20F", "href": "https://www.ibm.com/support/pages/node/6221292", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:46:50", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with Tivoli Access Manager for e-business. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Access Manager for e-business| 6.1.1.x \nIBM Tivoli Access Manager for e-business| 6.1.x \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Versions| Affected Supporting Products and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nTivoli Access Manager for e-business 6.1.x, 6.1.1.x| IBM WebSphere Application Server 7.0.0.X| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-31T23:01:05", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with Tivoli Access Manager for e-business (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-31T23:01:05", "id": "CF96155EBDBFEB76CEC027341CADB800CDAE0961E8A5F5AA5EFB7272EA972F66", "href": "https://www.ibm.com/support/pages/node/6148029", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:39", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0, 8.2.1, 8.2.2\n\n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0| IBM WebSphere Application Server 7.0| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1| IBM WebSphere Application Server 7.0, 8.5| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.2| IBM WebSphere Application Server 8.5| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-09T02:53:55", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-04-09T02:53:55", "id": "96131552C11C489EF2F142CAF94550F397BAD1654456F371568AEC0B3C92AE59", "href": "https://www.ibm.com/support/pages/node/6173691", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:38", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.3CD \nIBM Case Manager| 5.2.1 \nIBM Case Manager| 5.2.0 \nIBM Case Manager| 5.1.1 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T21:05:04", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-04-10T21:05:04", "id": "F2C0FD9B6F69E9045C9C79CC5F846E47457E4B2414EED330DCE2A52BEF475BF0", "href": "https://www.ibm.com/support/pages/node/6177741", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:52", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \nITNCM| 6.4.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.2| [Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee section **For V8.5.0.0 through 8.5.5.17:** \n \nITNCM| 6.4.1| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee section **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-06-15T10:58:16", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Netcool Configuration Manager (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4276"], "modified": "2020-06-15T10:58:16", "id": "9F51227A933365BAB4E61C4D1E8695CE3A2CAEAE27CCC9C6EDD242CBF9439834", "href": "https://www.ibm.com/support/pages/node/6232486", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:45:26", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM OpenPages with Watson. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| ** ****Affected Supporting Product and Version** \n---|--- \nIBM OpenPages with Watson 8.1| IBM WebSphere Application Server 9.0.0.10 \nIBM OpenPages GRC Platform 7.4/8.0| IBM WebSphere Application Server 9.0.0.3 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [IBM WebSphere Application Server](<https://www.ibm.com/support/pages/node/6118222> \"IBM WebSphere Application Server\" ) for remediation details.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-05-28T22:06:26", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM OpenPages with Watson (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4276"], "modified": "2020-05-28T22:06:26", "id": "3025667363AA4FD0A84EA6FC4AC56CB4074FA1571D208441ACE2404576480801", "href": "https://www.ibm.com/support/pages/node/6194781", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:46:53", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [WebSphere Application Server is vulnerable to a command execution vulnerability (CVE-2020-4276)](<https://www.ibm.com/support/pages/security-bulletin-privilege-escalation-vulnerability-websphere-application-server-cve-2020-4276> \"WebSphere Application Server is vulnerable to a command execution vulnerability \\(CVE-2020-4276\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-30T15:51:29", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-30T15:51:29", "id": "38196E5969E3832D5283656E865BC6AC8E6148796AD06026B314C2AFB93E932C", "href": "https://www.ibm.com/support/pages/node/6129285", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:05", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Applications| \n\nWebSphere Application Server\n\n * 9.0 \n| \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-27T17:53:23", "type": "ibm", "title": "Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server Bundled With IBM Cloud Pak for Applications (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-04-27T17:53:23", "id": "87C8C87F4B6B5E4949B0BBE1E6C16D7511DCBB8AA384A4558293B4D8FA1143F6", "href": "https://www.ibm.com/support/pages/node/6201987", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:47:00", "description": "## Summary\n\nThere is a privilege escalation vulnerability in WebSphere Application Server.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4276](<https://vulners.com/cve/CVE-2020-4276>) \n** DESCRIPTION: **IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175984>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWebSphere Application Server| 9.0 \nWebSphere Application Server| 7.0 \nWebSphere Application Server| 8.0 \nWebSphere Application Server| 8.5 \n \n\n\n## Remediation/Fixes\n\n**For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:**\n\n**For V9.0.0.0 through 9.0.5.3:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH21511](<https://www.ibm.com/support/pages/node/6118006> \"PH21511\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.5.4 or later (targeted availability 2Q2020). \n\n**For V8.5.0.0 through 8.5.5.17:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH21511](<https://www.ibm.com/support/pages/node/6118006> \"PH21511\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.18 or later (targeted availability 3Q2020).\n\n**For V8.0.0.0 through 8.0.0.15:** \n\u00b7 Upgrade to 8.0.0.15 and then apply Interim Fix [PH21511](<https://www.ibm.com/support/pages/node/6118006> \"PH21511\" ) \n\n\n**For V7.0.0.0 through 7.0.0.45:** \n\u00b7 Upgrade to 7.0.0.45 and then apply Interim Fix [PH21511](<https://www.ibm.com/support/pages/node/6118006> \"PH21511\" ) \n\n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n_WebSphere Application Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. _\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-25T22:53:21", "type": "ibm", "title": "Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-03-25T22:53:21", "id": "A778665E3A13285610D462BB48B8B364C628140C0274B757D7504580D6201440", "href": "https://www.ibm.com/support/pages/node/6118222", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:55:24", "description": "## Summary\n\nThere is a privilege escalation vulnerability in WebSphere Application Server.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nJazz for Service Management| 1.1.3 - 1.1.3.6 \n \n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nJazz for Service Management version 1.1.3 - 1.1.3.6| \n\nWebsphere Application Server Full Profile 8.5.5\n\n| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) \n \n## Workarounds and Mitigations\n\nPlease refer to WAS interim fix.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-28T20:55:29", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to Privilege Escalation Vulnerability (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2020-05-28T20:55:29", "id": "8623F3BCA39750F461E25D38E5D80C77F99E3F53EEDF08FE02CB010C7347CEA3", "href": "https://www.ibm.com/support/pages/node/6209681", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-05T17:50:03", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWebSphere Enterprise Service Bus| All \nWebSphere Enterprise Service Bus Registry Edition| All \nIBM Business Automation Workflow| 18.0 \n19.0 \nIBM Business Process Manager| 8.6 \nIBM Business Process Manager| 8.5.7 \nIBM Business Process Manager| 8.5.0 \nIBM Business Automation Workflow| 18.0 \nIBM Business Process Manager| 8.0 \nIBM Business Process Manager| 8.5.5 \nIBM Business Process Manager| 8.5 \nIBM Business Process Manager| 8.5.6 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin: [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)](<https://www.ibm.com/support/pages/node/6118222> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4276\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T15:28:14", "type": "ibm", "title": "Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4276)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2022-09-14T15:28:14", "id": "113259207D52BE413F3CAE31F271253A23E845C8A2B64D5637DC8B875CD4F3ED", "href": "https://www.ibm.com/support/pages/node/6120975", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:14", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0, 8.2.1, 8.2.2\n\n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0| IBM WebSphere Application Server 7.0| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1| IBM WebSphere Application Server 7.0, 8.5| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.2| IBM WebSphere Application Server 8.5| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-20T15:49:54", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-20T15:49:54", "id": "7BA12B7A2C2BCEE40A55BB21BC529BDB0D9B20B59E6F2983995AF5849503866F", "href": "https://www.ibm.com/support/pages/node/6195405", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:51:48", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.1.1 and version 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.1.1 \nITNM| 3.9 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.1.1| [Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V7.0.0.0 through 7.0.0.45:** \n \nITNM| 3.9| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-24T12:25:01", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4362"], "modified": "2020-08-24T12:25:01", "id": "46A70A5DCC82B9F0BE8D09EF31A748079C7C3F6ACC5769FC8CF7E487AB1D0EA9", "href": "https://www.ibm.com/support/pages/node/6320859", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:51:37", "description": "## Summary\n\nThere is a privilege escalation vulnerability in WebSphere Application Server. This has been addressed.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Common Reporting| 3.1.3 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n\n**Jazz for Service Management Releases \n**| **Remediation** \n---|--- \n1.1.3 - 1.1.3.7| \n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-28T06:00:34", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Common Reporting: TCR, a part of IBM Jazz for Service Management (JazzSM) is vulnerable to Privilege Escalation (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-08-28T06:00:34", "id": "8DA236BF190960C2E20C01B1DDE110742EBA0BB278E6174D1B98558B3FE80575", "href": "https://www.ibm.com/support/pages/node/6324079", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:51:49", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.1 \n \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.1| [Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-24T12:33:10", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4362"], "modified": "2020-08-24T12:33:10", "id": "9081ED85EA10CB575BFD1EB11FA27A662DFAB7101202111CD17F820A9D435CE8", "href": "https://www.ibm.com/support/pages/node/6320867", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:52:18", "description": "## Summary\n\nIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4362](<https://vulners.com/cve/CVE-2020-4362>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178929>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nContent Collector for Email 4.0.0, 4.0.1\n\n \n\n\n## Remediation/Fixes\n\n**Product**| **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.0, 4.0.1| Use Content Collector for Email 4.0.1.9 [Interim Fix IF006](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.9-IBM-ICC-IF006&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-06T17:16:24", "type": "ibm", "title": "Security Bulletin: Content Collector for Email is affected by a embedded WebSphere Application Server is vulnerable to a privilege escalation vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-08-06T17:16:24", "id": "25CD6FE340F22514220FD6473DC911FECCFC9E40EE608FECC7A422AEEE34ECB9", "href": "https://www.ibm.com/support/pages/node/6257135", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:03", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \nITNCM| 6.4.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.2| [Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V8.5.0.0 through 8.5.5.17:** \n \nITNCM| 6.4.1| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-07-14T14:51:06", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Netcool Configuration Manager (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4362"], "modified": "2020-07-14T14:51:06", "id": "B60F2DE561421149178C0830D6DD1EA4E4B1D14D2A06C69E877CB955E38F038A", "href": "https://www.ibm.com/support/pages/node/6247927", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:45:25", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM OpenPages with Watson. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| ** ****Affected Supporting Product and Version** \n---|--- \nIBM OpenPages with Watson 8.1| IBM WebSphere Application Server 9.0.0.10 \nIBM OpenPages GRC Platform 7.4/8.0| IBM WebSphere Application Server 9.0.0.3 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [IBM WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"IBM WebSphere Application Server\" ) for remediation details.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-05-28T22:04:08", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM OpenPages with Watson (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4362"], "modified": "2020-05-28T22:04:08", "id": "B9E90543C3CF1DFBA0782BBC29DAC9E1D62AB90500B4CD771DBABED35D5F3C0A", "href": "https://www.ibm.com/support/pages/node/6194799", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:46:06", "description": "## Summary\n\nIn the WebSphere Application Server Admin console where the Rational Asset Manager is deployed, a privilege escalation vulnerability is observed. Information about these security vulnerability affecting WebSphere Application Server is published in the respective security bulletins.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Rational Asset Manager 7.5 .1, 7.5.2.x, 7.5.3.x, and 7.5.4.\n\n**NOTE:** Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS). **Affected Supporting Product** | **Affected Supporting Product Security Bulletin** \n---|--- \nIBM WebSphere Application Server Version 7.0, 8.0, 8.5, and 9.0. | [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-27T13:41:43", "type": "ibm", "title": "Security Bulletin: Security vulnerability is identified in the WebSphere Application Server where the Rational Asset Manager is deployed (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-27T13:41:43", "id": "4CFD829FC5689C830F733DAAFC137E197362F6BE4BEBE94E8E13BF7B2EF0B11E", "href": "https://www.ibm.com/support/pages/node/6201714", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:45", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Tivoli Business Service Manager 6.1.0 all Fixpacks \nIBM Tivoli Business Service Manager 6.1.1 all Fixpacks \nIBM Tivoli Business Service Manager 6.2.0.0 \u2013 6.2.0.2 Interim Fix 1\n\n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is shipped with IBM Tivoli Business Service Manager. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Business Service Manager 6.1.0 \nIBM Tivoli Business Service Manager 6.1.1| IBM WebSphere Application Server 7.0| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \nIBM Tivoli Business Service Manager 6.2.0| IBM WebSphere Application Server 8.5| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-19T05:40:40", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Business Service Manager (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-06-19T05:40:40", "id": "984C658A69722C7E2D34C03CB9FA5EF111C30C21C8A4692FD40619BAD0DA6426", "href": "https://www.ibm.com/support/pages/node/6235664", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:05", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nIBM Cloud Pak for Applications, all versions| WebSphere Application Server: \n\n * 9.0 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-27T21:41:18", "type": "ibm", "title": "Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server shipped with IBM Cloud Pak for Applications (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-27T21:41:18", "id": "F34B5F292CB847FA020D7DE6B1D106C2936615E0FDD5B4DA8BCD5F33FFC8563D", "href": "https://www.ibm.com/support/pages/node/6202344", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:58", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version \n---|--- \nWebGUI 8.1.0 GA and FP| Websphere Application Server 8.5 \n \n_WebSphere Application Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-12T07:56:46", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-06-12T07:56:46", "id": "6A4BBC92633A5E34B48E1547834611BAAD85CE223FC5369B32BA4F23A5EC9C73", "href": "https://www.ibm.com/support/pages/node/6228668", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:16", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM WebSphere Service Registry and Repository. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s) \n---|--- \nWebSphere Service Registry and Repository V8.5| WebSphere Application Server V8.5.5 \nWebSphere Service Registry and Repository V8.0| WebSphere Application Server V8.0 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin: \n \n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/security-bulletin-privilege-escalation-vulnerability-websphere-application-server-cve-2020-4362> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \nfor vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-20T16:50:37", "type": "ibm", "title": "Security Bulletin: Vulnerability identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-20T16:50:37", "id": "AAD609CAA94C916589F4887D6CD5C2416E4F6208E4578B25FA022618187A432A", "href": "https://www.ibm.com/support/pages/node/6195413", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:37", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417?myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) vulnerability details and information about fixes. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T14:32:07", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-10T14:32:07", "id": "C698ACD8BD878FFAF13B5530425B16956E9503FE860A025CB74500FC8F4D6D5D", "href": "https://www.ibm.com/support/pages/node/6177627", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:21", "description": "## Summary\n\nWebsphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPredictive Customer Intelligence versions 1.0, 1.0.1, 1.1, 1.1.1, 1.1.2\n\n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1| Websphere Application Server 8.5.5| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \nPredictive Customer Intelligence 1.1 and 1.1.1| Websphere Application Server 8.5.5.6| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \nPredictive Customer Intelligence 1.1.2| Websphere Application Server 9.0.0.4| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-30T17:42:32", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-06-30T17:42:32", "id": "C658FC5F35EA81EA139B8BD636CD7716958E2E2F1D560D0AFDE22AFAB6106BA0", "href": "https://www.ibm.com/support/pages/node/6242302", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:30", "description": "## Summary\n\nThere is a privilege escalation vulnerability in WebSphere Application Server. This has been addressed.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nJazz for Service Management| 1.1.3 and fixpacks \n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nJazz for Service Management version 1.1.3 - 1.1.3.7| Websphere Application Server Full Profile 8.5.5 | [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \nJazz for Service Management version 1.1.3.7| \n\nWebsphere Application Server Full Profile 9.0\n\n| [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) \n \n## Workarounds and Mitigations\n\nPlease refer to WAS interim fix.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-26T06:18:21", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to Privilege Escalation Vulnerability (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-06-26T06:18:21", "id": "154976217130EF4C017061ED199482E4956FF91CB6AF94EDCB8B76B1BB6C9BD1", "href": "https://www.ibm.com/support/pages/node/6238854", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:35", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletins(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.3CD \nIBM Case Manager| 5.2.1 \nIBM Case Manager| 5.2.0 \nIBM Case Manager| 5.1.1 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T20:54:36", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-10T20:54:36", "id": "F506FF540835CEFD27133D3CB3A0A3BA032DD083A74134905F9B468ADF436E2F", "href": "https://www.ibm.com/support/pages/node/6177729", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:34", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WebSphere Remote Server - Product Family| 9.0, 8.5, 7.1, 7.0 \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s) | \n\nAffected Supporting Product and Version\n\n| \n\nAffected Supporting Product Security Bulletin \n \n---|---|--- \n \nWebSphere Remote Server \n9.0, 8.5, 7.1, 7.0\n\n| \n\nWebSphere Application Server 9.0, 8.5, 8.0, 7.0\n\n| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-13T13:53:45", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-13T13:53:45", "id": "70206BCCE747ADF9964BC5AC7DD6EB8D8DAA93482BF8885A9081AAAB7BEAB1D3", "href": "https://www.ibm.com/support/pages/node/6187575", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:38", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nWebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * 8.0\n * 8.5\n * 9.0 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T16:50:32", "type": "ibm", "title": "Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server shipped with IBM WebSphere Application Server Patterns (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-10T16:50:32", "id": "04ABBB708923892B731E5E85494310295FECB96BEABA340DE48D8A568440E716", "href": "https://www.ibm.com/support/pages/node/6177705", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:04", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.2; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 4.1.1 and version 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.2.0 \nITNM| 4.1.1 \nITNM| 3.9 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.2.0| [Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V8.5.0.0 through 8.5.5.17:** \n \nITNM| 4.1.1| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V7.0.0.0 through 7.0.0.45:** \n \nITNM| 3.9| \n\n[Privilege Escalation Vulnerability in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server\" )\n\nSee Section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-07-14T14:49:38", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4362"], "modified": "2020-07-14T14:49:38", "id": "44783FBE5A56631F824B0BD81DD9283D986371A072B0452A51C478BF8C46E0FD", "href": "https://www.ibm.com/support/pages/node/6247919", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:45:30", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nMaximo Asset Management 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6 \nMaximo for Oil and Gas 7.6 \nMaximo for Utilities 7.6 \nMaximo for Aviation 7.6 \nMaximo Linear Asset Manager 7.6 \nMaximo for Service Providers 7.6 \nMaximo Asset Health Insights 7.6\n\n| IBM WebSphere Application Server 9.0 \nIBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \n \n## Remediation/Fixes\n\n[Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-28T21:20:37", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-05-28T21:20:37", "id": "602F7DC12145A4C85D2027947D4108B54FAD7C292FC222DA0A6A2CF4FAF28D0E", "href": "https://www.ibm.com/support/pages/node/6192987", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:46:31", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \n| IBM Intelligent Operations Center V1.5.0, V1.5.0.1, V1.5.0.2, V1.6.0, V1.6.0.1, V1.6.0.2, and V1.6.0.3 \n--- \nIBM WebSphere Application Server V7.0, V8.0, V8.5, V9.0 \nIBM Intelligent Operations Center for Emergency Management V1.6| \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-14T09:32:59", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-04-14T09:32:59", "id": "84A310ED49DE6752B94CA056CE617FCBEDD44DC4D9D5740C3D037B5256856767", "href": "https://www.ibm.com/support/pages/node/6189495", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:45:23", "description": "## Summary\n\nThere is a privilege escalation vulnerability in WebSphere Application Server. This has been addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-4362](<https://vulners.com/cve/CVE-2020-4362>) \n**DESCRIPTION: **IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178929>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nWebSphere Application Server | 9.0 \nWebSphere Application Server | 8.5 \nWebSphere Application Server | 8.0 \nWebSphere Application Server | 7.0 \n \n## Remediation/Fixes\n\n**For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:**\n\n**For V9.0.0.0 through 9.0.5.4:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH23853](<https://www.ibm.com/support/pages/node/6174273> \"PH23853\" ). \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.5.5 or later (targeted availability 3Q2020). \n\n**For V8.5.0.0 through 8.5.5.17:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH23853](<https://www.ibm.com/support/pages/node/6174273> \"PH23853\" ). \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.18 or later (targeted availability 3Q2020).\n\n**For V8.0.0.0 through 8.0.0.15:** \n\u00b7 Upgrade to 8.0.0.15 and then apply Interim Fix [PH23853](<https://www.ibm.com/support/pages/node/6174273> \"PH23853\" ). \n\n\n**For V7.0.0.0 through 7.0.0.45:** \n\u00b7 Upgrade to 7.0.0.45 and then apply Interim Fix [PH23853](<https://www.ibm.com/support/pages/node/6174273> \"PH23853\" ). \n\n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n_WebSphere Application Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. _\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-09T21:47:47", "type": "ibm", "title": "Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2020-06-09T21:47:47", "id": "0F7411C38D450D0D17C9E0514668E2F096EAD5FA2260C48F544A9D0EC99938E3", "href": "https://www.ibm.com/support/pages/node/6174417", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-05T17:49:58", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| V19.0 \nV18.0 \nIBM Business Process Manager| V8.6 \nV8.5 \nV8.0 \nWebSphere Enterprise Service Bus| V7.5 \nV7.0 \n \nFor earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.\n\nNote that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.\n\n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin: [Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)](<https://www.ibm.com/support/pages/node/6174417> \"Privilege Escalation Vulnerability in WebSphere Application Server \\(CVE-2020-4362\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T15:28:14", "type": "ibm", "title": "Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4362)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2022-09-14T15:28:14", "id": "9E1BB215B06E70813889A210BA1C63DEA88480C8704FBDA41B1612E059BF1140", "href": "https://www.ibm.com/support/pages/node/6202786", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:53:35", "description": "## Summary\n\nSecurity vulnerability affects IBM Watson Explorer.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Explorer Deep Analytics Edition oneWEX Components| \n\n12.0.0.0, 12.0.0.1\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.3 \n \nIBM Watson Explorer Deep Analytics Edition Analytical Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.3 \n \nIBM Watson Explorer Deep Analytics Edition Annotation Administration Console| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.3 \n \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - 11.0.2.7 \nIBM Watson Explorer Foundational Components Annotation Administration Console| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - 11.0.2.7 \nIBM Watson Explorer Analytical Components| 10.0.0.0 - 10.0.0.2 \nIBM Watson Explorer Foundational Components Annotation Administration Console| 10.0.0.0 - 10.0.0.6 \n \n## Remediation/Fixes\n\n**Affected Product**| **Affected Versions**| **Fix** \n---|---|--- \nIBM Watson Explorer DAE \noneWEX Components| \n\n12.0.0.0, 12.0.0.1\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.3\n\n| \n\nUpgrade to Version 12.0.3.4. \n\nSee [Watson Explorer Version 12.0.3.4 oneWEX](<https://www.ibm.com/support/pages/node/6244512>) for download information and instructions. \n \nIBM Watson Explorer DAE Analytical Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.3\n\n| \n\nUpgrade to Version 12.0.3.4. \n\nSee [Watson Explorer Version 12.0.3.4 Analytical Components](<https://www.ibm.com/support/pages/node/6244516>) for download information and instructions. \n \nIBM Watson Explorer DAE Foundational Components Annotation Administration Console| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.3\n\n| \n\nUpgrade to Version 12.0.3.4. \n\nSee [Watson Explorer Version 12.0.3.4 Foundational Components](<https://www.ibm.com/support/pages/node/6244514>) for download information and instructions. \n \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - 11.0.2.7| Upgrade to Watson Explorer Analytical Components Version 11.0.2 Fix Pack 8. For information about this version, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/pages/node/6244518>). For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>). \nIBM Watson Explorer Foundational Components Annotation Administration Console| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - 11.0.2.7| Upgrade to Watson Explorer Foundational Components Annotation Administration Console Version 11.0.2 Fix Pack 8. For information about this version, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/pages/node/6244520>). For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>). \nIBM Watson Explorer Analytical Components| 10.0.0.0 - 10.0.0.2| **Important:** Perform these steps as a Watson Explorer Analytical Components administrative user, typically esadmin. \n\n 1. If not already installed, install V10.0 Fix Pack 2 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24039430>)).\n 2. Download the package from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.2&platform=All&function=all#Others>): interim fix **10.0.0.2-WS-WatsonExplorer-AEAnalytical-IF008** and extract the contents of the fix into a temporary directory.\n 3. See the [Updating WebSphere Liberty and IBM Java Runtime used in IBM Watson Explorer Analytical Components](<https://www.ibm.com/support/pages/node/6250385>) for detailed instructions how to apply the fix. \nIBM Watson Explorer Foundational Components Annotation Administration Console| 10.0.0.0 - 10.0.0.6| \n\n 1. If not already installed, install Watson Explorer Foundational Components Annotation Administration Console Version 10.0 Fix Pack 6 (see the [download document](<https://www.ibm.com/support/pages/node/877462>)).\n 2. Download the package for your edition (Enterprise or Advanced) from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.6&platform=All&function=all#Others>): interim fix **10.0.0.6-WS-WatsonExplorer-&lt;Edition&gt;FoundationalAAC-IF003** and extract the contents of the fix into a temporary directory.\n 3. See the [Updating WebSphere Liberty and IBM Java Runtime used in IBM Watson Explorer Analytical Components](<https://www.ibm.com/support/pages/node/6250385>) for detailed instructions how to apply the fix. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-22T06:09:43", "type": "ibm", "title": "Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-07-22T06:09:43", "id": "C9DE4845305DF0F83378929053ED892F37959591039ECF2D78BF547B6F112585", "href": "https://www.ibm.com/support/pages/node/6250343", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:50:30", "description": "## Summary\n\nA security vulnerability has been identified In WebSphere Liberty Server shipped with IBM Global Mailbox.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Global High Availability Mailbox| 6.0.2 \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)\n\n| \n\nAffected Supporting Product and Version\n\n| \n\nAffected Supporting Product Security Bulletin \n \n---|---|--- \n \nGlobal Mailbox version 6.1.0.0 \n\n| \n\nWebsphere Liberty version 20.0.0.5\n\n| \n\n[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n \nB2Bi v6.1.0.0 is now available on Passport Advantage and Fix Central.\n\nHere are the Fix Central links for IIM images.\n\nB2Bi ( Media +SDK)\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+B2B+Integrator&amp;fixids=6.1.0.0-OtherSoftware-B2Bi-All&amp;source=dbluesearch&amp;function=fixId&amp;parent=ibm/Other%20software](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.1.0.0-OtherSoftware-B2Bi-All&source=dbluesearch&function=fixId&parent=ibm/Other%20software>)\n\nSFG ( Media +SDK)\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+File+Gateway&amp;fixids=6.1.0.0-OtherSoftware-SFG-All&amp;source=SAR&amp;function=fixId&amp;parent=ibm/Other%20software](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+File+Gateway&fixids=6.1.0.0-OtherSoftware-SFG-All&source=SAR&function=fixId&parent=ibm/Other%20software>)\n\nSwift package\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+B2B+Integrator&amp;fixids=6.1.0.0-OtherSoftware-all-Swift2016&amp;source=SAR&amp;function=fixId&amp;parent=ibm/Other%20software](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.1.0.0-OtherSoftware-all-Swift2016&source=SAR&function=fixId&parent=ibm/Other%20software>)\n\nStandard Executables\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+B2B+Integrator&amp;fixids=6.1.0.0-OtherSoftware-all-Standards-exe-MapEditor-exe&amp;source=SAR&amp;function=fixId&amp;parent=ibm/Other%20software](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.1.0.0-OtherSoftware-all-Standards-exe-MapEditor-exe&source=SAR&function=fixId&parent=ibm/Other%20software>)\n\nAll above executables as well as **Certified Container images** are also available on Passport Advantage now.\n\nNote:- For 6.1.0.0 we did not publish docker images.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-09-29T08:51:15", "type": "ibm", "title": "Security Bulletin: Security vulnerability in WebSphere Liberty Server shipped with IBM Global Mailbox (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-09-29T08:51:15", "id": "A5681F729F28C250FF23C2C5EBBDC80244D85B4A5269BFE579C846E02438C673", "href": "https://www.ibm.com/support/pages/node/6339077", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:52:12", "description": "## Summary\n\nInformation disclosure in WebSphere Liberty component used by the Event Streams REST implementation\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Event Streams| 2019.2.1, 2019.4.1, 2019.4.2 \nIBM Event Streams in IBM Cloud Pak for Integration| 2019.2.2, 2019.2.3, 2019.4.1, 2019.4.2 \n \n\n\n## Remediation/Fixes\n\nUpgrade from IBM Event Streams 2019.2.1, IBM Event Streams 2019.4.1 and IBM Event Streams 2019.4.2 to the [latest Fix Pack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Event+Streams&release=All&platform=All&function=all> \"latest Fix Pack\" ). \n\nUpgrade IBM Event Streams 2019.2.2, IBM Event Streams 2019.2.3, IBM Event Streams 2019.4.1 and IBM Event Streams 2019.4.2 in IBM Cloud Pak for Integration by downloading IBM Event Streams 2019.4.3 in IBM Cloud Pak for Integration 2020.1.1.1 from IBM Entitled Registry\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-08-10T12:47:32", "type": "ibm", "title": "Security Bulletin: Information disclosure in WebSphere Liberty (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-10T12:47:32", "id": "6A0D9421C284C29C699BD48273C99B57CF4E764A76760B5A163F68BA4E03AA6F", "href": "https://www.ibm.com/support/pages/node/6257791", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:48:26", "description": "## Summary\n\nA potential vulnerability has been identified related to IBM WebSphere Application Server. Refer to details for additional information.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWA for ICP| 1.4.0, 1.4.1, 1.4.2 \n \n\n\n## Remediation/Fixes\n\nUpgrade to the latest (1.5.0) release of WA for CP4D which maintains backward compatibility with the versions listed above.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-12-09T16:32:11", "type": "ibm", "title": "Security Bulletin: Potential vulnerability with IBM WebSphere Application Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-12-09T16:32:11", "id": "0E85F055F69C36F1AFCDA9AA4C7476B24B7826864D94024DCA43C8F828A3D547", "href": "https://www.ibm.com/support/pages/node/6378000", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:45:12", "description": "## Summary\n\nIBM Security Directory Suite (SDS VA) has addressed the following vulnerability due to remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSDS VA| 8.0.1 \n \n\n\n## Remediation/Fixes\n\n## \n\n\n**Product** | **VRMF**| **Remediation** \n---|---|--- \nIBM Security Directory Suite| 8.0.1.15| [8.0.1.15-ISS-ISDS_20210108-0043](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Security+Directory+Suite&fixids=8.0.1.15-ISS-ISDS_20210108-0043.pkg&source=SAR&function=fixId&parent=IBM%20Security> \"8.0.1.15-ISS-ISDS_20210108-0043\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-03-16T20:01:45", "type": "ibm", "title": "Security Bulletin: IBM Security Directory Suite is affected by a vulnerability (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2021-03-16T20:01:45", "id": "CE7B09FDAB4AD52C4D2DF48D876D11F77AB8D075D2126DF86BCFAB3FD1F6D522", "href": "https://www.ibm.com/support/pages/node/6430721", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:45:39", "description": "## Summary\n\nIBM Security Privileged Identity Manager has addressed an issue for Information disclosure in WebSphere Application Server - Liberty.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISPIM| 2.1.1 \nISPIM| 2.0.2 \nISPIM| 2.1.0 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s) | Remediation \n---|---|--- \nISPIM| 2.1.1| [2.1.1-ISS-ISPIM-VA-FP0006](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.1&platform=All&function=fixId&fixids=2.1.1-ISS-ISPIM-VA-FP0006> \"\" ) \n \nISPIM| 2.1.0| [2.1.0-ISS-ISPIM-VA-FP0013](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.1&platform=All&function=fixId&fixids=2.1.0-ISS-ISPIM-VA-FP0013&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=SAR> \"\" ) \n---|---|--- \nISPIM| 2.0.2| [2.0.2-ISS-ISPIM-VA-FP0013](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.0.2&platform=Linux&function=fixId&fixids=2.0.2-ISS-ISPIM-VA-FP0013&includeRequisites=1&includeSup> \"\" ) \n---|---|--- \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-03-09T09:29:25", "type": "ibm", "title": "Security Bulletin: IBM Security Privileged Identity Manager is affected by an information disclosure (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2021-03-09T09:29:25", "id": "EE8D3A0FEFA67706787A5BC66641D09B2650AEC307F61637154D7B7341BF2EB2", "href": "https://www.ibm.com/support/pages/node/6427555", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:47:37", "description": "## Summary\n\nInformation disclosure in WebSphere Application Server. It has been addressed with https://www.ibm.com/support/pages/security-bulletin-information-disclosure-websphere-application-server-cve-2020-4329\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Workload Scheduler| 9.5 \n \n\n\n## Remediation/Fixes\n\nAPAR IJ30011 has been opened to address CVE-2020-4329. \nApar IJ30011 has been included in IBM Workload Scheduler 9.5 FP03 and it is already available on FixCentral.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-01-11T08:13:56", "type": "ibm", "title": "Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329) may affect IBM Workload Scheduler", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2021-01-11T08:13:56", "id": "C22CC0C04AA48102CB2EBEF5AD691FDAD7FE1267768536619BBE66401698B809", "href": "https://www.ibm.com/support/pages/node/6402479", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:49", "description": "## Summary\n\nTXSeries for Multiplatforms has addressed the following vulnerabilities reported by IBM\u00ae WebSphere Application Server liberty \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM TXSeries for Multiplatforms| 8.2.0.0 - 8.2.0.2 \nIBM TXSeries for Multiplatforms| 9.1.0.0 - 9.1.0.1 \n \n\n\n## Remediation/Fixes\n\nProduct| Version| Defect| Remediation / First Fix \n---|---|---|--- \nIBM TXSeries for Multiplatforms v9.1| \n\n9.1.0.0\n\n9.1.0.1\n\n| 126343| [Fix Central Link](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_9.1_SpecialFix_liberty_082020&source=SAR>) \nIBM TXSeries for Multiplatforms v8.2| \n\n8.2.0.0\n\n8.2.0.1\n\n8.2.0.2\n\n| 126343| [Fix Central Link](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_8.2_SpecialFix_liberty_082020&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-08-24T11:38:08", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server is vulnerable to information disclosure that affects TXSeries for Multiplatforms", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-24T11:38:08", "id": "3145AF0C5406567F174CE24AB15ECCCBF1EDAC271CA314F0505020DA0354DFD8", "href": "https://www.ibm.com/support/pages/node/6320845", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:43:49", "description": "## Summary\n\nWebSphere Application Server security vulnerability in FileNet Content Manager\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nFileNet Content Manager| 5.5.3 \nFileNet Content Manager| 5.5.4 \n \n## Remediation/Fixes\n\nUpgrade to one of the below releases: \n \n\n\n** Product**| ** VRMF**| ** APAR**| ** Remediation/First Fix** \n---|---|---|--- \nFileNet Content Manager| 5.5.3 \n5.5.4| [PJ46150](<https://www.ibm.com/support/pages/apar/PJ46150> \"PJ46150\" ) \n[PJ46150](<https://www.ibm.com/support/pages/apar/PJ46150> \"PJ46150\" )| 5.5.3.0-P8CPE-Container-IF003 - 7/16/2020 \n5.5.4.0-P8CPE-Container-IF002 - 7/21/2020 \n \nOnly versions covered by continuous support for fixes are listed. Please apply the listed update to remediate.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-11-10T22:46:04", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server security vulnerability in FileNet Content Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-11-10T22:46:04", "id": "44F8F51D369D3F744AF193AB2E497189282F22F94B8B3424EA2B099B5580CD94", "href": "https://www.ibm.com/support/pages/node/6209707", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:54:53", "description": "## Summary\n\nIn the WebSphere Application Server Admin console where the Rational Asset Manager is deployed, a privilege escalation vulnerability is observed. Information about this security vulnerability affecting WebSphere Application Server is published in the respective security bulletins.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Rational Asset Manager 7.5 .1, 7.5.2.x, 7.5.3.x, and 7.5.4.\n\nNOTE: Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS). **Affected Supporting Product** | **Affected Supporting Product Security Bulletin** \n---|--- \nIBM WebSphere Application Server Version 7.0, 8.0, 8.5, and 9.0. | [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-13T08:49:30", "type": "ibm", "title": "Security Bulletin: Security vulnerability is identified in the WebSphere Application Server where the Rational Asset Manager is deployed", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-06-13T08:49:30", "id": "451F72C42C9FA5B3638C6F2233F910FC635FE2A09DB2B0F71474AE8603F61D92", "href": "https://www.ibm.com/support/pages/node/6230750", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:55", "description": "## Summary\n\nIBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n**DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Cloud Private | 3.2.1 CD \nIBM Cloud Private | 3.2.2 CD \n \n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.1\n * IBM Cloud Private 3.2.2\n\nFor IBM Cloud Private 3.2.1, apply June fix pack:\n\n * [IBM Cloud Private 3.2.1.2006](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1.2006-build555335-37920&includeSupersedes=0> \"IBM Cloud Private 3.2.1.2006\" )\n\nFor IBM Cloud Private 3.2.2, apply June fix pack:\n\n * [IBM Cloud Private 3.2.2.2006](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2006-build553613-35974&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2006\" )\n\nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0:\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-08-19T19:03:54", "type": "ibm", "title": "Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-19T19:03:54", "id": "EF0B8ABDDF0182AD0AB63DBD4F3EA0B3769B57CF195F94A299C8DFE53DDE410A", "href": "https://www.ibm.com/support/pages/node/6261601", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:54:17", "description": "## Summary\n\nRational Asset Analyzer (RAA) has addressed the following vulnerability in WebSphere Application Server.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nAsset Analyzer (RAA)| 6.1.0.0 - 6.1.0.23 \n \n \n\n\n## Remediation/Fixes\n\n**Product**| **VRMF**| **APAR**| **Remediation / First Fix** \n---|---|---|--- \nRational Asset Analyzer| 6.1.0.23 Refresh | NONE| \n\n[ RAA 6.1.0.23 Refresh for Windows](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=Windows&function=all> \"Windows\" )\n\n[ RAA 6.1.0.23 Refresh for z/OS](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=z/OS&function=all> \"z/OS\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-01T01:48:39", "type": "ibm", "title": "Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-07-01T01:48:39", "id": "889AEF340E86A1FF8AE75CD323791BF93186173C5DCEC257F97767066CFAFD1D", "href": "https://www.ibm.com/support/pages/node/6242794", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:48:07", "description": "## Summary\n\nThis security bulletin addresses the Information Disclosure vulnerability that has been found to impact Websphere Liberty in IBM Tivoli Application Dependency Discovery Manager.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n**DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager | 7.3.0.3 - 7.3.0.7 \n \n## Remediation/Fixes\n\n**Fix** | **VRMF** | **APAR** | **How to acquire fix** \n---|---|---|--- \nefix_WLP_PSIRT_20005_FP5180802.zip | 7.3.0.5 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=d1xntIrCriyAnaSvBTMF4edOlDCjcFaOLTM4ccUmbjw> \"Download eFix\" ) \nefix_WLP_PSIRT_20005_FP6190313.zip | 7.3.0.6 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=X2UV7nmubFsybnKno7kO7Vuw1UKhecloR5Ifufbw3WM> \"Download eFix\" ) \nefix_WLP_PSIRT_20005_FP7200218.zip | 7.3.0.7 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=lzxrgrP31963huJnNPxu2RgIpIe5S4oyalEFJAi60PA> \"Download eFix\" ) \n \n**Note:**\n\nBefore TADDM 7.3.0.5, Java 7 was used and the upgraded Liberty version 20.0.0.5 requires Java8. Hence, no eFix can be provided for versions before 7.3.0.5.\n\n## Workarounds and Mitigations\n\nFor customers on TADDM FixPack 3 or FixPack 4, recommendation is to upgrade to a later version and then follow the steps mentioned above.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-12-15T11:49:56", "type": "ibm", "title": "Security Bulletin: Information disclosure vulnerability in WebSphere Application Server Liberty", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-12-15T11:49:56", "id": "51C64898345F327DD93881C52DC0BCDB22915CDD412C72A65BE394B7A650FE83", "href": "https://www.ibm.com/support/pages/node/6262861", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:47:08", "description": "## Summary\n\nA vulnerability IBM WebSphere Application Server Liberty could allow an attacker to obtain sensitive information. This vulnerability may affect the IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments. UPDATED 1/29/2021: Added 7.1 fix for IBM Spectrum Protect for Virtual Environments: Data Protection for VMware\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| Version(s) \n---|--- \nIBM Spectrum Protect Backup-Archive web user interface| 8.1.7.0-8.1.10.0 (Linux and Windows) \n8.1.9.0-8.1.10.0 (AIX) \nIBM Spectrum Protect for Space Management| 8.1.7.0-8.1.10.0 (Linux) \n8.1.9.0-8.1.10.0 (AIX) \nIBM Spectrum Protect for Virtual Environments: Data Protection for VMware| \n\n8.1.0.0-8.1.10.0 \n7.1.0.0-7.1.8.9 \n \n \nIBM Spectrum Protect (for Virtual Environments: Data Protection for Hyper-V| 8.1.4.0-8.1.10.0 \n \n## Remediation/Fixes\n\n \n\n\n \n\n\n**_IBM Spectrum Protect Backup-Archive Client web user interface Release_**| **_First Fixing \nVRM Level_**| **_Platform_**| **_Link to Fix_** \n---|---|---|--- \n8.1| 8.1.11| AIX \nLinux \nWindows| <https://www.ibm.com/support/pages/node/6367205> \n \n \n\n\n**_IBM Spectrum Protect for Space Management Release_**| **_First Fixing \nVRM Level_**| **_Platform_**| **_Link to Fix_** \n---|---|---|--- \n8.1| 8.1.1.11| AIX \nLinux| <https://www.ibm.com/support/pages/node/6335741> \n \n \n\n\n**_IBM Spectrum Protect for Virtual Environments: Data Protection for VMware Release_**| **_First Fixing \nVRM Level_**| **_Platform_**| **_Link to Fix_** \n---|---|---|--- \n8.1| 8.1.11| Linux \nWindows| <https://www.ibm.com/support/pages/node/6152475> \n7.1 \n| 7.1.8.10 \n| Linux \nWindows \n| <https://www.ibm.com/support/pages/node/316625> \n \n \n\n\n \n\n\n**_IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V Release_**| **_First Fixing \nVRM Level_**| **_Platform_**| **_Link to Fix_** \n---|---|---|--- \n8.1| 8.1.11| Linux| <https://www.ibm.com/support/pages/node/6152475> \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-01-29T18:29:02", "type": "ibm", "title": "Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2021-01-29T18:29:02", "id": "9548F3BD922C19C55E9391D4BACA8EA98682FB5BCA396DD8812365F4C30867A0", "href": "https://www.ibm.com/support/pages/node/6371650", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:32", "description": "## Summary\n\nIBM Security Identity Manager Virtual Appliance (ISIM VA) has addressed the following vulnerability due to a remote attacker's ability to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Identity Manager Virtual Appliance| 7.0.2 \nIBM Security Identity Manager Virtual Appliance| 7.0.1 \n \n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Fix Availability \n---|---|--- \nIBM Security Identity Manager Virtual Appliance| 7.0.2| \n\n[7.0.2-ISS-SIM-FP0002](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.2-ISS-SIM-FP0002&source=SARASA> \"7.0.2-ISS-SIM-FP0002\" ) \n \nIBM Security Identity Manager Virtual Appliance| 7.0.1| \n\n[7.0.1-ISS-SIM-FP0014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.1-ISS-SIM-FP0014&source=SAR> \"7.0.1-ISS-SIM-FP0014\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-08-29T21:32:29", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been fixed in IBM Security Identity Manager Virtual Appliance(CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-29T21:32:29", "id": "80F63C4DBA4692F1399B8419C02ECEE29E4B32D85EDDE77D136EB81CBB859B9C", "href": "https://www.ibm.com/support/pages/node/6242354", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:52:26", "description": "## Summary\n\nInformation disclosure in WebSphere Application Server. This has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nICP - Compare &amp; Comply| All \n \n## Remediation/Fixes\n\nUpgrade to IBM Watson Compare and Comply for IBM Cloud Pak for Data 1.1.9. To download the software, go to Passport Advantage, then search for \"watson compare and comply for ICP for Data\", then select IBM Watson Compare and Comply for ICP for Data V1.1.9 Linux English , part number CC7JSEN.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-08-04T18:21:58", "type": "ibm", "title": "Security Bulletin: Information disclosure in WebSphere Application Server - Liberty", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-04T18:21:58", "id": "9BB137A2C15EDDA2FAD8099BF31EC43072DCB5CFA903CDC8CF3248DC677FE923", "href": "https://www.ibm.com/support/pages/node/6256110", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:46:00", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM WebSphere Remote Server - Product Family| All \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n \n\n\n** Principal Product and Version(s)**| ** Affected Supporting Product and Version**| ** Affected Supporting Product Security Bulletin** \n---|---|--- \nWebSphere Remote Server \n9.0, 8.5, 7.1, 7.0| WebSphere Application Server 9.0, 8.5, 8.0, 7.0| | \n\n[Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862>) \n \n--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-04-29T20:57:17", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-04-29T20:57:17", "id": "86D81D4FF071D7D46BB506C67EA7CE93C082F0DB66B01AA7474850EEE2C3CBD5", "href": "https://www.ibm.com/support/pages/node/6203134", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:45", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Rational ClearCase| 8.0.0 \nIBM Rational ClearCase| 9.0 \nIBM Rational ClearCase| 9.0.1 \nIBM Rational ClearCase| 9.0.2 \nIBM Rational ClearCase| 8.0.1 \n \nIBM Rational ClearCase, ClearCase Remote Client (CCRC) WAN server component.\n\n**Versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x:**\n\n * These vulnerabilities only applies to the CCRC WAN server component, and only for certain levels of WebSphere Application Server.\n\n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS) which is shipped with IBM Rational ClearCase. \n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearCase, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x| IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0.| \n\n[Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console \\(CVE-2020-4329\\)\" ) \n \n**ClearCase Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x| \n\n 1. Determine the WAS version used by your CCRC WAN server. Navigate to the CCRC profile directory (either the profile you specified when installing ClearCase, or `<ccase-home>/common/ccrcprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section. Check your installed version of IBM WebSphere Application Server against this bulletin's list of vulnerable versions.\n 2. Identify the latest available fixes (per the bulletin(s) listed above) for the version of WAS used for CCRC WAN server.\n 3. Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. \n \n_For 8.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-08T18:20:27", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-05-08T18:20:27", "id": "958D3B4A5A0C1FD39CFF6BC608C4A1729951FA8F9C647E5838B8F638A26061A5", "href": "https://www.ibm.com/support/pages/node/6208019", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:47", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.1| [Information disclosure in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6201862> \"Information disclosure in WebSphere Application Server\" )\n\nSee section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-24T12:51:39", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-24T12:51:39", "id": "3F0DB6A6B43161E807AC17CE719A18BD26C81F3134F4959AA51E211376F74BD1", "href": "https://www.ibm.com/support/pages/node/6320869", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:44:26", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli System Automation Application Manager| 4.1 \n \n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with IBM Tivoli System Automation Application Manager.\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli System Automation Application Manager 4.1| WebSphere Application Server 8.5| \n\n# [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-24T22:19:08", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-07-24T22:19:08", "id": "D414FED16B358AD7FE6B00E67C7AA1DB43FD19DDFB901B5F7ABA9F0E20BEB6EC", "href": "https://www.ibm.com/support/pages/node/6203774", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:55:02", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Security Key Lifecycle Manager | 4.0 \n \n## Remediation/Fixes\n\nPlease consult the following Security Bulletins: \n\n[Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/security-bulletin-information-disclosure-websphere-application-server-cve-2020-4329> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" )\n\nfor vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-10T19:25:27", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-06-10T19:25:27", "id": "4F2D82A4F724C8AC105424E03F5FBC319EFED1ECC4C4FC502E3EE79470EB24D9", "href": "https://www.ibm.com/support/pages/node/6224112", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:54:45", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Tivoli Business Service Manager 6.1.0 all Fixpacks \nIBM Tivoli Business Service Manager 6.1.1 all Fixpacks \nIBM Tivoli Business Service Manager 6.2.0.0 \u2013 6.2.0.2 Interim Fix 1\n\n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is shipped with IBM Tivoli Business Service Manager. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Business Service Manager 6.1.0 \nIBM Tivoli Business Service Manager 6.1.1| IBM WebSphere Application Server 7.0| [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \nIBM Tivoli Business Service Manager 6.2.0| IBM WebSphere Application Server 8.5| [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-19T05:36:25", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Business Service Manager (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-06-19T05:36:25", "id": "51D185DB29AE6E4FAD71119D872DA0F52814A6C17A59AD1AF9B79D0668C33FBB", "href": "https://www.ibm.com/support/pages/node/6235662", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:29", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.3CD \nIBM Case Manager| 5.2.1 \nIBM Case Manager| 5.2.0 \nIBM Case Manager| 5.1.1 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-28T21:17:45", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-05-28T21:17:45", "id": "E8347ACAF81B4BEE7BCA21CC0C47E2063445B19E9FA4E4431CEF5FAB5FF7AE86", "href": "https://www.ibm.com/support/pages/node/6202519", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:54:17", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Tivoli Netcool Impact 7.1.0.0 - 7.1.0.19\n\n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is shipped with IBM Tivoli Netcool Impact. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Netcool Impact 7.1.0| IBM WebSphere Application Server Liberty| [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-01T10:32:11", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-07-01T10:32:11", "id": "4BFA3A2F692D8FC8DE4F07BCA56AA58679411D74D1AC3CD28957EF6A817C1264", "href": "https://www.ibm.com/support/pages/node/6242964", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:54:34", "description": "## Summary\n\nWebsphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPredictive Customer Intelligence versions 1.0, 1.0.1, 1.1, 1.1.1, 1.1.2\n\n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1| Websphere Application Server 8.5.5| [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \nPredictive Customer Intelligence 1.1 and 1.1.1| Websphere Application Server 8.5.5.6| [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \nPredictive Customer Intelligence 1.1.2| Websphere Application Server 9.0.0.4| [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-23T19:40:49", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-06-23T19:40:49", "id": "B2A50DF3EC1594620E8A37ADF929CB730D5142281927CA3F2AE3C4F02F910D8B", "href": "https://www.ibm.com/support/pages/node/6237860", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:26", "description": "## Summary\n\nWebsphere Application Server (Liberty profile) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting Liberty profile has been disclosed in a security bulletin. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| All \n \n\n\n## Remediation/Fixes\n\nApply 1.3.6 Interim Fix 3 \n\n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&amp;release=1.3.6](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6> \"https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6\" )\n\nNote that for versions prior to 1.3.6 ONLY the UI component should be updated using interim Fix 3. Nothing else in the interim fix is relevant for this bulletin.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-08-31T14:56:31", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM WebSphere Application Server(Liberty profile) affects IBM Operations Analytics Predictive Insights (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-31T14:56:31", "id": "E01AE27864F5D21E9DE4882755AFD601FD4EE9EEF1B77AD913AFA5BAC1F8BF77", "href": "https://www.ibm.com/support/pages/node/6324721", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:58", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** | **Affected Supporting Product and Version ** \n---|---|--- \nIBM Security Key Lifecycle Manager | 4.0 | WebSphere\u00ae Application Server, Version 9.0.5.0 \nIBM Security Key Lifecycle Manager | 3.0.1 | WebSphere Application Server v9.0.0.5 \nIBM Security Key Lifecycle Manager | 3.0 | WebSphere Application Server v9.0.0.5 \nIBM Security Key Lifecycle Manager | 2.7 | WebSphere Application Server v9.0.0.1 \nIBM Security Key Lifecycle Manager | 2.6 | WebSphere Application Server v8.5.5.7 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/security-bulletin-information-disclosure-websphere-application-server-cve-2020-4329> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-04-30T20:08:13", "type": "ibm", "title": "Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-04-30T20:08:13", "id": "28F8FE772F7744066E89072F94BE119B652D05DADA694784B7CCD72965C551F7", "href": "https://www.ibm.com/support/pages/node/6204115", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:55:09", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version** \n---|--- \nWebGUI 8.1.0 GA and FP| Websphere Application Server 8.5 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-05T07:58:34", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-06-05T07:58:34", "id": "E362EBCBEB18984C3F95A2E9B16F0D6BCB101E27F50F764417CF1574FE5064FC", "href": "https://www.ibm.com/support/pages/node/6220422", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:35", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Products and Version(s)**| **Affected Supporting Product and Version** \n---|--- \nIBM Operations Analytics Predictive Insights v1.3.3| Websphere Application Server 8.5 \nIBM Operations Analytics Predictive Insights v1.3.5| Websphere Application Server 8.5 \nIBM Operations Analytics Predictive Insights v1.3.6| Websphere Application Server 8.5 \n \n\n\n## Remediation/Fixes\n\nMore information and recommended solutions are disclosed with the security bulletin: [Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/security-bulletin-information-disclosure-websphere-application-server-cve-2020-4329> \"Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-08-28T18:26:51", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-28T18:26:51", "id": "99126F9F2548EE2300C741A1541AAF9CD2E67330BBEEA99D1CCE5C23EA09B155", "href": "https://www.ibm.com/support/pages/node/6324269", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:52:40", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nIBM Cloud Pak for Applications, all versions | WebSphere Application Server: \n\n * 9.0\n * 8.5\n * 8.0\n * 7.0\n\nWebSphere Liberty Server:\n\n * 17.0.0.3 - 20.0.0.4 \n \n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" )\n\n * ## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-27T15:07:33", "type": "ibm", "title": "Security Bulletin: Information disclosure vulnerability in WebSphere Application Server shipped in IBM Cloud Pak for Applications (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-07-27T15:07:33", "id": "B2B33DC1DCAEC07D9F9164E0AD1390F5BFB58C4EE2BDF74B976625E39A9F5AF0", "href": "https://www.ibm.com/support/pages/node/6253273", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:54:51", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped with IBM Security Identity Manager (ISIM). Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s) Version(s) | Affected Supporting Product(s) Version(s) \n---|--- \nISIM 6.0.0 | WAS 8.5 \nISIM 6.0.2 | WAS 9 \n \n## Remediation/Fixes\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version(s) | Affected Supporting Product Security Bulletin \n---|---|--- \n \nISIM 6.0.0\n\nISIM 6.0.2\n\n| WAS 8.5\n\nWAS 9.0\n\n| [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-15T16:55:47", "type": "ibm", "title": "Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager(CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-06-15T16:55:47", "id": "20FC8D083652BD9620AA16329F2B0D169CF687E1B0F904A9AC013C7517AD365E", "href": "https://www.ibm.com/support/pages/node/6217539", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:54:23", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. This issue allows to conduct spoofing attacks.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM License Metric Tool| All \n \n\n\n## Remediation/Fixes\n\nUpgrade to version 9.2.20 or later using the following procedure: \n\nIn BigFix console, expand IBM License Reporting (ILMT) node under Sites node in the tree panel. \nClick Fixlets and Tasks node. Fixlets and Tasks panel will be displayed on the right. \nIn the Fixlets and Tasks panel locate Upgrade to the latest version of IBM License Metric Tool 9.x fixlet and run it against the computer that hosts your server.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-30T09:23:01", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 (CVE-2020-4329).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-06-30T09:23:01", "id": "3BEB441D10779A1942BF02B10D6A1555A8433CFB0B2D08C01720323538A45578", "href": "https://www.ibm.com/support/pages/node/6242122", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:46:04", "description": "## Summary\n\nInformation disclosure in WebSphere Application Server. This has been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWebSphere Application Server Liberty| 17.0.0.3 - 20.0.0.4 \nWebSphere Application Server| 9.0 \nWebSphere Application Server| 7.0 \nWebSphere Application Server| 8.0 \nWebSphere Application Server| 8.5 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the interim fix, Fix Pack or PTF containing the APAR for each named product as soon as practical. **For WebSphere Application Server Liberty:**\n\n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH20847](<https://www.ibm.com/support/pages/node/6198862> \"Fix PH20847\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 20.0.0.5 or later (targeted availability 2Q2020).\n\n**For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:**\n\n**For V9.0.0.0 through 9.0.5.3:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH20847](<https://www.ibm.com/support/pages/node/6198862> \"PH20847\" ). \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.5.4 or later (targeted availability 2Q2020). \n\n**For V8.5.0.0 through 8.5.5.17:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH20847](<https://www.ibm.com/support/pages/node/6198862> \"PH20847\" ). \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.18 or later (targeted availability 3Q2020).\n\n**For V8.0.0.0 through 8.0.0.15:** \n\u00b7 Upgrade to 8.0.0.15 and then apply Interim Fix [PH20847](<https://www.ibm.com/support/pages/node/6198862> \"PH20847\" ). \n\n\n**For V7.0.0.0 through 7.0.0.45:** \n\u00b7 Upgrade to 7.0.0.45 and then apply Interim Fix [PH20847](<https://www.ibm.com/support/pages/node/6198862> \"PH20847\" ). \n\n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n_WebSphere Application Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-04-27T19:32:21", "type": "ibm", "title": "Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-04-27T19:32:21", "id": "F171D1A128ED9F033A8E4EB7F107F3B0F58ABA4074ACD771E59F004AAC676A0A", "href": "https://www.ibm.com/support/pages/node/6201862", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:53:33", "description": "## Summary\n\nWebsphere Application Server Liberty vulnerability CVE-2020-4329 affecting IBM Streams\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Streams| 4.1.1.x \nInfoSphere Streams| 4.2.1.x \nInfoSphere Streams| 4.3.1.x \n \n\n\n## Remediation/Fixes\n\nVersion 4.x.x: Apply [4.3.1 Fix Pack 3 or higher](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%20Management&product=ibm/Information+Management/InfoSphere+Streams&release=4.3.1.2&platform=All&function=all> \"4.3.1 Fix Pack 3 or higher\" )\n\nVersions 3.2.x, 3.1.x, and 3.0.x: For versions earlier than 4.3.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-22T21:15:30", "type": "ibm", "title": "Security Bulletin: Websphere Application Server Liberty vulnerabilities used by IBM Streams", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-07-22T21:15:30", "id": "AAB63CA611C91C086C2D2BC4EDEABC95ECFE557C5518B51036200FBBD8C29B34", "href": "https://www.ibm.com/support/pages/node/6252019", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:40", "description": "## Summary\n\nIBM MobileFirst Platform Foundation has addressed the following vulnerability: Information disclosure in WebSphere Application Server - Liberty\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM MobileFirst Platform Foundation| 8.0.0.0 - ICP, IKS or using the scripts (BYOL), OCP/ICPA \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM MobileFirst Platform Foundation| 8.0.0.0| Download the iFix from [IBM MobileFirst Platform Foundation on FixCentral](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+MobileFirst+Platform+Foundation&fixids=8.0.0.0-MFPF-IF202008201003-CDUpdate-07&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-08-27T10:38:32", "type": "ibm", "title": "Security Bulletin: Information disclosure vulnerability in WebSphere Application Server - Liberty affects IBM MobileFirst Platform Foundation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-27T10:38:32", "id": "717EA7B7E291CEAF2956470CE508AB38C2BF8E63133D28CF594496671ADDDEE9", "href": "https://www.ibm.com/support/pages/node/6323573", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:52:19", "description": "## Summary\n\nIBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for Email| 4.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product**| **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.1| Use Content Collector for Email 4.0.1.9 [Interim Fix IF006](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.9-IBM-ICC-IF006&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-08-06T16:49:03", "type": "ibm", "title": "Security Bulletin: Content Collector for Email is affected by a Information disclosure in embedded WebSphere Application Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-06T16:49:03", "id": "89289E9A98285CD79B0D3F1F025DD0EAA5E6629F7ADF333B9EF34FE380BACA0A", "href": "https://www.ibm.com/support/pages/node/6257127", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:52:23", "description": "## Summary\n\nA vulnerability has been found within the version of IBM WebSphere Liberty shipped with IBM MQ.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n**DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ | 9.1 LTS \nIBM MQ | 9.1 CD \n \n## Remediation/Fixes\n\n**IBM MQ 9.1 LTS**\n\n[Apply Fixpack 9.1.0.6](<https://www.ibm.com/support/pages/downloading-ibm-mq-version-9106> \"Apply Fixpack 9.1.0.6\" )\n\n**IBM MQ 9.1 CD**\n\n[Upgrade to IBM MQ 9.2](<https://www.ibm.com/support/pages/downloading-ibm-mq-version-920> \"Upgrade to IBM MQ 9.2\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-08-05T10:18:55", "type": "ibm", "title": "Security Bulletin: IBM MQ is affected by a vulnerability within IBM WebSphere Liberty (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-05T10:18:55", "id": "DABA7DED974B2398189D6CD437940649E019A14178C8AB32F290EB35C8669636", "href": "https://www.ibm.com/support/pages/node/6255994", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:54:14", "description": "## Summary\n\nAn Information disclosure related vulnerability has been found in IBM WebSphere Application Server - Liberty which is used by IBM License Key Server Administration &amp; Reporting Tool (ART) and Administration Agent. The remediation has been included in the latest release of ART and Agent.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nART/Agent| 8.1.5 \nART/Agent| 8.1.5.1 \nART/Agent| 8.1.5.2 \nART/Agent| 8.1.5.3 \nART/Agent| 8.1.5.4 \nART/Agent| 8.1.5.5 \nART/Agent| 8.1.5.6 \nART/Agent| 8.1.6 \nART/Agent| 8.1.6.1 \nART/Agent| 8.1.6.2 \nART/Agent| 8.1.6.3 \nART/Agent| 8.1.6.4 \n \n\n\n## Remediation/Fixes\n\nUpgrade to the version 8.1.6.5 of ART and Agent. Refer [Release Notes 8.1.6.5](<https://www.ibm.com/support/pages/node/6202749> \"Release Notes 8.1.6.5\" ) for Download and Application Instructions.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-06T16:48:51", "type": "ibm", "title": "Security Bulletin: An Information Disclosure vulnerability in IBM Websphere Libtery affects IBM License Key Server Administration & Reporting Tool and Administration Agent", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-07-06T16:48:51", "id": "693658DCE0F371748D69D63EAD5B48AAC0350649F64CFEB925F5CA6BD3E2A97C", "href": "https://www.ibm.com/support/pages/node/6244170", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:54:17", "description": "## Summary\n\nRational Asset Analyzer (RAA) has addressed the following vulnerability in WebSphere Application Server.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nAsset Analyzer (RAA)| 6.1.0.0 - 6.1.0.23 \n \n \n\n\n## Remediation/Fixes\n\n**Product**| **VRMF**| **APAR**| **Remediation / First Fix** \n---|---|---|--- \nRational Asset Analyzer| 6.1.0.23 Refresh | NONE| [ RAA 6.1.0.23 Refresh for Windows](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=Windows&function=all> \"Windows\" )\n\n[ RAA 6.1.0.23 Refresh for z/OS](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=z/OS&function=all> \"z/OS\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-01T01:49:42", "type": "ibm", "title": "Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-07-01T01:49:42", "id": "6319DF1B256EC58709172407AF4A25DE3588354F1CDF0FE760752C81DC6DA075", "href": "https://www.ibm.com/support/pages/node/6242798", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:44:36", "description": "## Summary\n\nThere is a vulnerability in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n**DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server with a Microservices tier | 11.7 \n \n## Remediation/Fixes\n\n## \n\n_Product_ | _VRMF_ | \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.7\n\n| \n\n[JR63314](<http://www.ibm.com/support/docview.wss?uid=swg1JR63314> \"JR63314\" )\n\n| \n\n\\--Apply InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/docview.wss?uid=ibm10878310> \"11.7.1.0\" ) \n\\--Apply Information Server [11.7.1.1](<https://www.ibm.com/support/pages/node/6209196> \"11.7.1.1\" ) \n\\--Apply Information Server [11.7.1.1 Service Pack 1](<https://www.ibm.com/support/pages/node/6438057> \"11.7.1.1 Service Pack 1???\" ) \n \nFor Red Hat 8 installations, contact IBM Customer Support. \n \n**Note**: Users of WebSphere Application Server Network Deployment should follow the [WebSphere security bulletin](<https://www.ibm.com/support/pages/node/6201862> \"WebSphere security bulletin\" ) \n \n**Contact Technical Support:**\n\nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [contacts for other countries](<http://www.ibm.com/planetwide/> \"contacts for other countries\" ) outside of the United States. \nElectronically [open a Service Request](<http://www.ibm.com/software/support/probsub.html> \"open a Service Request\" ) with Information Server Technical Support.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-04-01T19:45:30", "type": "ibm", "title": "Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2021-04-01T19:45:30", "id": "43DA011A37CE03FA64B094E9F5770A93BEF6CF43E03F703E6569EEA76986A4F8", "href": "https://www.ibm.com/support/pages/node/6436379", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:50", "description": "## Summary\n\nIBM WebSphere\u00ae Application Server is shipped with IBM\u00ae Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere\u00ae Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \n \nIBM\u00ae Intelligent Operations Center\n\nV1.5.0, V1.5.0.1, V1.5.0.2, V1.6.0, V1.6.0.1, V1.6.0.2, V1.6.0.3, V5.1.0, V5.1.0.1, V5.1.0.2, V5.1.0.3, V5.1.0.4, V5.1.0.5, V5.1.0.6, V5.1.0.7, V5.1.0.8, V5.1.0.9, V5.1.0.10, V5.1.0.11, V5.1.0.12, V5.1.0.13, V5.1.0.14, V5.2.0, and V5.2.1\n\n| \n\nIBM WebSphere\u00ae Application Server\n\nV7.0, V8.0, V8.5, V9.0, and Liberty \n \nIBM\u00ae Intelligent Operations Center for Emergency Management\n\nV1.6, V5.1.0, V5.1.0.1, V5.1.0.2, V5.1.0.3, V5.1.0.4, V5.1.0.5, and V5.1.0.6\n\n| \n \nIBM\u00ae Water Operations for Waternamics\n\nV5.1, V5.2.0, V5.2.0.1, V5.2.0.2, V5.2.0.3, V5.2.0.4, V5.2.0.5, V5.2.0.6, V5.2.1, and V5.2.1.1\n\n| \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Security Bulletin: Information disclosure vulnerability in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure vulnerability in WebSphere Application Server \\(CVE-2020-4329\\)\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-05T16:57:36", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere\u00ae Application Server shipped with IBM\u00ae Intelligent Operations Center (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-05-05T16:57:36", "id": "5918C016B20B5ACA60A7D119FD2C32C94F0627AB911B7E60826658D357145A38", "href": "https://www.ibm.com/support/pages/node/6205936", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:53:58", "description": "## Summary\n\nIBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Control Center| 6.1.3 \nIBM Control Center| 6.1.2.1 \nIBM Control Center| 6.0.0.2 \n \n\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**iFix**\n\n| \n\n**Remediation** \n \n---|---|---|--- \n \nIBM Control Center\n\n| \n\n6.1.3.0\n\n| \n\niFix02\n\n| \n\n[Fix Central - 6.1.3.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.1.3.0&platform=All&function=all>) \n \nIBM Control Center\n\n| \n\n6.1.2.1\n\n| \n\niFix04\n\n| \n\n_[Fix Central - 6.1.2.1](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.1.2.1&platform=All&function=all>)_ \n \nIBM Control Center\n\n| \n\n6.0.0.2\n\n| \n\niFix11\n\n| \n\n[Fix Central - 6.0.0.2](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.0.0.2&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-16T18:48:02", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Application Server Vulnerability Affects IBM Control Center (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-07-16T18:48:02", "id": "65AC33072AF8ABBAA1E90D22A6164663D0FCF7967CC7051A7C6B601CEA97BF53", "href": "https://www.ibm.com/support/pages/node/6249991", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:53:37", "description": "## Summary\n\nInformation disclosure in WebSphere Application Server. This has been addressed. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nJazz for Service Management| 1.1.3-1.1.3.7 \n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nJazz for Service Management version 1.1.3 - 1.1.3.7| Websphere Application Server Full Profile 8.5.5 | [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \nJazz for Service Management version 1.1.3.7| \n\nWebsphere Application Server Full Profile 9.0\n\n| [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n## Workarounds and Mitigations\n\nPlease refer to WAS interim fix.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-21T15:57:58", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to CVE-2020-4329", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-07-21T15:57:58", "id": "6AF6A75AB47A85BD264ED489D020A601CD49E58065CEDF72F8DBC129C0B69CAB", "href": "https://www.ibm.com/support/pages/node/6251245", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:39", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0, 8.2.1, 8.2.2\n\n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0| IBM WebSphere Application Server 7.0| [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1| IBM WebSphere Application Server 7.0, 8.5| [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.2| IBM WebSphere Application Server 8.5| [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-14T16:46:44", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-05-14T16:46:44", "id": "4C530226C2C82FCA90A29F26A05A9D0BF640534450027EDE7596BB30563A3845", "href": "https://www.ibm.com/support/pages/node/6209267", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:52:05", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \nITNCM| 6.4.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.2| [Information disclosure in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6201862> \"Information disclosure in WebSphere Application Server\" )\n\nSee Section: **V8.5.0.0 through 8.5.5.17:** \n \nITNCM| 6.4.1| \n\n[Information disclosure in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6201862> \"Information disclosure in WebSphere Application Server\" )\n\nSee Section: **V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-13T10:29:06", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Netcool Configuration Manager (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-13T10:29:06", "id": "C6780300E3EFD7F6811EECD650C04D87FD052560A5F1FA302479AFF8AA4F7FDC", "href": "https://www.ibm.com/support/pages/node/6259383", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:52:05", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 4.1.1 and 3.9; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.2.0 \nITNM| 4.1.1 \nITNM| 3.9 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.2.0| \n\n[Information disclosure in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6201862> \"Information disclosure in WebSphere Application Server\" )\n\nSee section: **For V8.5.0.0 through 8.5.5.17:** \n \nITNM| 4.1.1| \n\n[Information disclosure in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6201862> \"Information disclosure in WebSphere Application Server\" )\n\nSee section: **For V7.0.0.0 through 7.0.0.45:** \n \nITNM| 3.9| \n\n[Information disclosure in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6201862> \"Information disclosure in WebSphere Application Server\" )\n\nSee section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-13T10:27:30", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-13T10:27:30", "id": "47377382FB42339D4CE97A4452C254F07E69CAE5413DDD356B24FAAA26841F46", "href": "https://www.ibm.com/support/pages/node/6259381", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:47:13", "description": "## Summary\n\nIn the WebSphere Application Server (WAS) admin console where the Rational Asset Manager (RAM) is deployed, allowing a remote attacker obtaining sensitive information caused by improper parameter checking is observed. Information about this security vulnerability affecting WebSphere Application Server is published in the respective security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Rational Asset Manager 7.5 .1, 7.5.2.x, 7.5.3.x, and 7.5.4.\n\n**NOTE:** Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.\n\n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS). \n\n** Affected Supporting Product**| ** Affected Supporting Product Security Bulletin** \n---|--- \nIBM WebSphere Application Server Version 7.0, 8.0, 8.5, and 9.0.| [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/security-bulletin-information-disclosure-websphere-application-server-cve-2020-4329> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-01-28T06:57:46", "type": "ibm", "title": "Security Bulletin: Security vulnerability are identified in WebSphere Application Server where Rational Asset Manager is deployed (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2021-01-28T06:57:46", "id": "3D04811CD7C9B337157F4E06A7E1B2584D270E7E69B726B8521CEEE31E88AF6A", "href": "https://www.ibm.com/support/pages/node/6409368", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:58", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-04-29T15:16:12", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-04-29T15:16:12", "id": "89889D01EFEB2906CEB101B24500260E255984420DF03BB57D83997D812CEE0A", "href": "https://www.ibm.com/support/pages/node/6202780", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:46:02", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n## \n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nWebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * Liberty\n * 8.0\n * 8.5\n * 9.0 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-04-28T14:31:48", "type": "ibm", "title": "Security Bulletin: Information disclosure in WebSphere Application Server shipped with IBM WebSphere Application Server Patterns (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-04-28T14:31:48", "id": "AE9FCFFF0398E144DDAD797967457B662931846E8FEE6194A2655AA5B730BCBC", "href": "https://www.ibm.com/support/pages/node/6202482", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:49", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.1.1 and version 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.1.1 \nITNM| 3.9 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.1.1| [Information disclosure in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6201862> \"Information disclosure in WebSphere Application Server\" )\n\nSee section: **For V7.0.0.0 through 7.0.0.45:** \n \nITNM| 3.9| \n\n[Information disclosure in WebSphere Application Server](<https://www.ibm.com/support/pages/node/6201862> \"Information disclosure in WebSphere Application Server\" )\n\nSee section: **For V7.0.0.0 through 7.0.0.45:** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-08-24T12:30:17", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-24T12:30:17", "id": "21A78502CF868CEFFA6DC5C776E16EE0EDF33BAA9E7F3DE611912CC218BF6C9D", "href": "https://www.ibm.com/support/pages/node/6320865", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T21:51:37", "description": "## Summary\n\nInformation disclosure in WebSphere Application Server. This has been addressed. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nTivoli Common Reporting| 3.1.2 - 3.1.2.1 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n\n**Jazz for Service Management Releases \n**| **Remediation** \n---|--- \n1.1.2 - 1.1.2.1| \n\n[Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-08-28T14:18:23", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Common Reporting: TCR, a part of IBM Jazz for Service Management (JazzSM) is vulnerable to Information disclosure (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-08-28T14:18:23", "id": "A801C0134AF3AE69F120F9758CA8985C815F0984281741FDA5A847A1ACC66AFF", "href": "https://www.ibm.com/support/pages/node/6324179", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:59", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version(s)** \n---|--- \nWebSphere Service Registry and Repository V8.5| WebSphere Application Server V8.5.5 \nWebSphere Service Registry and Repository V8.0| WebSphere Application Server V8.0 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes: \n\n * [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/security-bulletin-information-disclosure-websphere-application-server-cve-2020-4329> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-04-30T14:37:38", "type": "ibm", "title": "Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-04-30T14:37:38", "id": "845034F004D5E87FCBDDBF4DF19CBEEE3865967F212423D2B39A2634A34BBB84", "href": "https://www.ibm.com/support/pages/node/6203924", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:51:18", "description": "## Summary\n\nInformation disclosure in WebSphere Application Server. This has been addressed. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Common Reporting| 3.1.3 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n\n**Jazz for Service Management Releases \n**| **Remediation** \n---|--- \n1.1.3 - 1.1.3.7| \n\n[Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-09-03T16:49:26", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Common Reporting: TCR, a part of IBM Jazz for Service Management (JazzSM) is vulnerable to Information disclosure (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-09-03T16:49:26", "id": "0DD7AF43DE97763E0D93D1D019F9D4F482815C909438E3FDD9E285D6B2ED40B7", "href": "https://www.ibm.com/support/pages/node/6326539", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:45:30", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nMaximo Asset Management 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6 \nMaximo for Oil and Gas 7.6 \nMaximo for Utilities 7.6 \nMaximo for Aviation 7.6 \nMaximo Linear Asset Manager 7.6 \nMaximo for Service Providers 7.6 \nMaximo Asset Health Insights 7.6 \nControl Desk 7.6\n\n| IBM WebSphere Application Server 9.0 \nIBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \n \n## Remediation/Fixes\n\n[Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-28T21:15:49", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2020-05-28T21:15:49", "id": "A1EFACF2069DC3D9306569DB75291E800141DD6232DEB3E7928DC96CA216C1CC", "href": "https://www.ibm.com/support/pages/node/6205702", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-06-05T17:41:51", "description": "## Summary\n\nIBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM\u00ae WebSphere Application Server Liberty \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX on Cloud| 10.1.0.0 \n \n\n\n## Remediation/Fixes\n\nProduct| Version| Defect| Remediation / First Fix \n---|---|---|--- \nIBM CICS TX on Cloud| 10.1.0.0| 126343| [Fix Central Link](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=IBM_CICSTX_on_Cloud_SpecialFIX_liberty_082020&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-02-14T20:51:49", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server is vulnerable for information disclosure that affect IBM CICS TX on Cloud", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2023-02-14T20:51:49", "id": "03A21E2CEB2AE80B0CB3845788EE2C252B219A2161281A588F3A3FABD346F890", "href": "https://www.ibm.com/support/pages/node/6320839", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-06-05T17:43:35", "description": "## Summary\n\nAn information disclosure in WebSphere Application Server - Liberty Medium CVE-2020-4329 has been fixed in WebSphere Application Server Liberty 20.0.0.5, included in ICP Watson_Text_to_Speech and Speech to Text v1.1.2 (GA: 6/19/20). \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<https://vulners.com/cve/CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech to Text, Text to Speech| 1.0.1 - 1.1 \n \n\n\n## Remediation/Fixes\n\nAn information disclosure in WebSphere Application Server - Liberty Medium CVE-2020-4329 has been fixed in WebSphere Application Server Liberty 20.0.0.5, included in ICP Watson_Text_to_Speech and Speech to Text v1.1.2 (GA: 6/19/20). Please download and install the latest version to receive this fix.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2023-01-12T21:59:00", "id": "6460D41996E43CB75276902519E15745959E2FFD675E2119EAA294B305A37593", "href": "https://www.ibm.com/support/pages/node/6238332", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-06-05T17:50:12", "description": "## Summary\n\nWebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. WebSphere Application Server Liberty profile is shipped as a component of IBM Business Automation Workflow and IBM Business Process Manager. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional and Liberty profile have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| V19.0 \nV18.0 \nIBM Business Process Manager| V8.6 \nV8.5 \nV8.0 \nWebSphere Enterprise Service Bus| V7.5 \nV7.0 \n \nFor earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.\n\nNote that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.\n\n## Remediation/Fixes\n\nPlease consult the [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/security-bulletin-information-disclosure-websphere-application-server-cve-2020-4329> \"Security Bulletin: Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-14T15:28:14", "type": "ibm", "title": "Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server traditional and Liberty profile shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4329)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2022-09-14T15:28:14", "id": "C60289D204614CD6F487491D985F924542C108BE5DDA61A136A99A5BF2EE3F15", "href": "https://www.ibm.com/support/pages/node/6202785", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-05-18T15:04:22", "description": "The IBM WebSphere Application Server running on the remote host is version 8.5.x prior to 8.5.5.18. It is, therefore, affected by a server-side request forgery vulnerability. An authenticated, remote attacker can exploit this, by sending a specially crafted request, to obtain sensitive data.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-29T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 8.5.x < 8.5.5.18 Server-side Request Forgery (6209099)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-4365"], "modified": "2020-11-30T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_6209099.NASL", "href": "https://www.tenable.com/plugins/nessus/139065", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139065);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-4365\");\n script_xref(name:\"IAVA\", value:\"2020-A-0254-S\");\n\n script_name(english:\"IBM WebSphere Application Server 8.5.x < 8.5.5.18 Server-side Request Forgery (6209099)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by a server-side request forgery vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is version 8.5.x prior to 8.5.5.18. It is, therefore,\naffected by a server-side request forgery vulnerability. An authenticated, remote attacker can exploit this, by sending\na specially crafted request, to obtain sensitive data.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/6209099\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM WebSphere Application Server 8.5.5.18, or later. Alternatively, upgrade to the minimal fix pack level\nrequired by the interim fix and then apply Interim Fix PH23638.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-4365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PH23638';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PH23638' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n { 'min_version' : '8.5.0.0', 'max_version' : '8.5.5.17', 'fixed_version' : '8.5.5.18 or ' + fix }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:34", "description": "The IBM WebSphere Application Server running on the remote host is version 7.0.x prior or equal to 7.0.0.45, 8.0.x prior or equal to 8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.3 It is, therefore, affected by aa denial of service vulnerability. An unauthenticated remote attacker can exploit this by using a specially crafted request to cause the system to stop responding.", "cvss3": {}, "published": "2020-02-07T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server Denial of Service (CVE-2019-4720)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-4720"], "modified": "2020-11-30T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_CVE-2019-4720.NASL", "href": "https://www.tenable.com/plugins/nessus/133529", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133529);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2019-4720\");\n\n script_name(english:\"IBM WebSphere Application Server Denial of Service (CVE-2019-4720)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by an information disclosure vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is version 7.0.x prior or equal to 7.0.0.45, 8.0.x \nprior or equal to 8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.3 It is, therefore, affected by\naa denial of service vulnerability. An unauthenticated remote attacker can exploit this by using a specially crafted \nrequest to cause the system to stop responding.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://exchange.xforce.ibmcloud.com/vulnerabilities/172125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/1285372\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM WebSphere Application Server 8.5.5.18, 9.0.5.3, or\nlater. Alternatively, upgrade to the minimal fix pack levels required\nby the interim fix and then apply Interim Fix PH19528.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-4720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PH19528';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PH19528' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n {'min_version':'7.0.0.0', 'max_version':'7.0.0.45', 'fixed_version':'7.0.0.45 and '+fix},\n {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_version':'8.0.0.15 and ' + fix},\n {'min_version':'8.5.5.0', 'fixed_version':'8.5.5.18', 'fixed_display':'8.5.5.18 or ' + fix},\n {'min_version':'9.0.0.0', 'fixed_version':'9.0.5.3', 'fixed_display':'9.0.5.3 or ' + fix}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:05", "description": "The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.45, 8.0.0.0 through 8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.4. It is, therefore, affected by a privilege escalation vulnerability. The vulnerability exists in IBM WebSphere Application Server due to an unspecified reason. An authenticated, remote attacker can exploit this, via token-based authentication in an admin request over the SOAP connector, to gain privileged access to the system.", "cvss3": {}, "published": "2020-04-02T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.4 Privilege Escalation (CVE-2020-4276)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-4276"], "modified": "2020-11-30T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_CVE-2020-4276.NASL", "href": "https://www.tenable.com/plugins/nessus/135180", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135180);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-4276\");\n\n script_name(english:\"IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.4 Privilege Escalation (CVE-2020-4276)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by a privilege escalation vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.45, 8.0.0.0 through\n8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.4. It is, therefore, affected by a privilege escalation\nvulnerability. The vulnerability exists in IBM WebSphere Application Server due to an unspecified reason. An\nauthenticated, remote attacker can exploit this, via token-based authentication in an admin request over the SOAP\nconnector, to gain privileged access to the system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://exchange.xforce.ibmcloud.com/vulnerabilities/175984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/6118222\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM WebSphere Application Server 8.5.5.18, 9.0.5.4, or later. Alternatively, upgrade to the minimal fix pack\nlevels required by the interim fix and then apply Interim Fix PH21511.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-4276\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PH21511';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PH21511' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n {'min_version':'7.0.0.0', 'max_version':'7.0.0.45', 'fixed_version':fix},\n {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_version':fix},\n {'min_version':'8.5.0.0', 'max_version':'8.5.5.17', 'fixed_version':'8.5.5.18 or ' + fix},\n {'min_version':'9.0.0.0', 'max_version':'9.0.5.3', 'fixed_version':'9.0.5.4 or ' + fix}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:13", "description": "A privilege escalation vulnerability exists in IBM WebSphere Application Server 7.0.0.0 through 7.0.0.45, 8.0.0.0 through 8.0.0.15, 8.5.0.0 through 8.5.5.17, 9.0.0.0 through 9.0.5.3 when using token-based authentication in an admin request over the SOAP connector. An authenticated, remote attacker can exploit this to gain higher privileges on the system.", "cvss3": {}, "published": "2020-04-17T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.17 / 9.0.0.0 <= 9.0.5.3 Privilege Escalation (CVE-2020-4362)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-4362"], "modified": "2020-11-30T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_CVE-2020-4362.NASL", "href": "https://www.tenable.com/plugins/nessus/135702", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135702);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-4362\");\n script_xref(name:\"IAVA\", value:\"2020-A-0161-S\");\n\n script_name(english:\"IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.17 / 9.0.0.0 <= 9.0.5.3 Privilege Escalation (CVE-2020-4362)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by a Privilege Escalation vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"A privilege escalation vulnerability exists in IBM WebSphere Application Server 7.0.0.0 through 7.0.0.45, 8.0.0.0 through\n8.0.0.15, 8.5.0.0 through 8.5.5.17, 9.0.0.0 through 9.0.5.3 when using token-based authentication in an admin request over\nthe SOAP connector. An authenticated, remote attacker can exploit this to gain higher privileges on the system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://exchange.xforce.ibmcloud.com/vulnerabilities/178929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/6174417\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the Fix Pack recommended in the vendor advisory. Alternatively, upgrade to the minimal fix pack levels required\nby the interim fix and then apply Interim Fix PH23853.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-4362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PH23853';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PH23853' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n {'min_version':'7.0.0.0', 'max_version':'7.0.0.45', 'fixed_version':'7.0.0.45 ' + fix},\n {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_version':'8.0.0.15 ' + fix},\n {'min_version':'8.5.0.0', 'max_version':'8.5.5.17', 'fixed_version':'8.5.5.17 ' + fix + ' or 8.5.5.18'},\n {'min_version':'9.0.0.0', 'max_version':'9.0.5.3', 'fixed_version':'9.0.5.3 ' + fix + ' or 9.0.5.4'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:34", "description": "The IBM WebSphere Application Server running on the remote host is version 7.0 prior to 7.0.0.46, 8.0 prior to 8.0.0.16, 8.5 prior to 8.5.5.18, 9.0 prior to 9.0.5.4, or 17.0.0.3 (Liberty) prior to 20.0.0.5 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. (CVE-2020-4329).\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-05-08T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 7.0 < 7.0.0.46 / 8.0 < 8.0.0.16 / 8.5 < 8.5.5.18 / 9.0 < 9.0.5.4 / Liberty 17.0.0.3 < 20.0.0.5 Information Disclosure", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-4329"], "modified": "2021-09-24T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_6201862.NASL", "href": "https://www.tenable.com/plugins/nessus/136410", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136410);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/24\");\n\n script_cve_id(\"CVE-2020-4329\");\n script_xref(name:\"IAVA\", value:\"2020-A-0192-S\");\n\n script_name(english:\"IBM WebSphere Application Server 7.0 < 7.0.0.46 / 8.0 < 8.0.0.16 / 8.5 < 8.5.5.18 / 9.0 < 9.0.5.4 / Liberty 17.0.0.3 < 20.0.0.5 Information Disclosure\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by an information\ndisclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is version 7.0 prior to 7.0.0.46, 8.0 prior to 8.0.0.16, \n8.5 prior to 8.5.5.18, 9.0 prior to 9.0.5.4, or 17.0.0.3 (Liberty) prior to 20.0.0.5 could allow a remote, authenticated \nattacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct \nspoofing attacks. (CVE-2020-4329).\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/6201862\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the Fix Pack recommended in the vendor advisory. Alternatively, upgrade to the minimal fix pack levels required\nby the interim fix and then apply Interim Fix PH20847.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-4329\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PH20847';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PH20847' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n {'min_version':'7.0.0.0', 'max_version':'7.0.0.45', 'fixed_version':'7.0.0.46 or ' + fix},\n {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_version':'8.0.0.16 or ' + fix},\n {'min_version':'8.5.0.0', 'max_version':'8.5.5.17', 'fixed_version':'8.5.5.18 or ' + fix},\n {'min_version':'9.0.0.0', 'max_version':'9.0.5.3', 'fixed_version':'9.0.5.4 or ' + fix},\n {'min_version':'17.0.0.3', 'max_version':'20.0.0.4', 'fixed_version':'20.0.0.5 or ' + fix}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-06-05T15:14:31", "description": "IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-05-14T16:15:00", "type": "cve", "title": "CVE-2020-4365", "cwe": ["CWE-918"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4365"], "modified": "2020-05-15T16:21:00", "cpe": ["cpe:/a:ibm:websphere_application_server:8.5.5.17"], "id": "CVE-2020-4365", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4365", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-05T14:42:14", "description": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-31T16:15:00", "type": "cve", "title": "CVE-2019-4720", "cwe": ["CWE-770"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:ibm:websphere_application_server:9.0.5.2", "cpe:/a:ibm:websphere_application_server:8.0.0.15", "cpe:/a:ibm:websphere_application_server:8.5.5.17", "cpe:/a:ibm:websphere_application_server:7.0.0.45"], "id": "CVE-2019-4720", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-4720", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:8.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:9.0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:9.0.5.2:*:*:*:hypervisor:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-05T15:14:20", "description": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-26T14:15:00", "type": "cve", "title": "CVE-2020-4276", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4276"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:ibm:websphere_application_server:8.5.5.17", "cpe:/a:ibm:websphere_application_server:8.0.0.15", "cpe:/a:ibm:websphere_application_server:9.0.5.3", "cpe:/a:ibm:websphere_application_server:7.0.0.45"], "id": "CVE-2020-4276", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4276", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.15:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-05T15:14:33", "description": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T14:15:00", "type": "cve", "title": "CVE-2020-4362", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4362"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:ibm:websphere_application_server:8.5.5.17", "cpe:/a:ibm:websphere_application_server:8.0.0.15", "cpe:/a:ibm:websphere_application_server:9.0.5.3", "cpe:/a:ibm:websphere_application_server:7.0.0.45"], "id": "CVE-2020-4362", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4362", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.15:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-05T15:14:27", "description": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-04-28T14:15:00", "type": "cve", "title": "CVE-2020-4329", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4329"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:ibm:websphere_application_server:20.0.0.4", "cpe:/a:ibm:websphere_application_server:7.0.0.45", "cpe:/a:ibm:websphere_application_server:8.5.5.17", "cpe:/a:ibm:websphere_application_server:8.0.0.15", "cpe:/a:ibm:websphere_application_server:9.0.5.3"], "id": "CVE-2020-4329", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4329", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:20.0.0.4:*:*:*:liberty:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*"]}]}