History: Aug 25, 2020 - 11:55 p.m.

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager

2020-08-25 23:55:00
www.ibm.com

EPSS: 0.036 (percentile: 91.7%)

Summary

IBM WebSphere Application Server (WAS) is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Tivoli Federated Identity Manager | All |

Remediation/Fixes

| Principal Product and Version(s) | Affected Supporting Product and Version(s) | Affected Supporting Product Security Bulletin |
|---|---|---|
| IBM Tivoli Federated Identity Manager, ALL versions | WAS is vulnerable to a DOS: WAS traditional versions 9.0, 8.5, 8.0 and 7.0; WAS liberty | Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720) |
| IBM Tivoli Federated Identity Manager, ALL versions | WAS 9.0, 8.5, 8.0 and 7.0 | Security Bulletin: WebSphere Application Server is vulnerable to command execution vulnerability (CVE-2020-4163) |
| IBM Tivoli Federated Identity Manager, ALL versions | WAS traditional versions 9.0, 8.5, 8.0 and 7.0 | Security Bulletin: IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability (CVE-2020-4276) |
| IBM Tivoli Federated Identity Manager, ALL versions | WAS traditional versions 9.0, 8.5, 8.0 and 7.0 | Security Bulletin: WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability (CVE-2020-4362) |
| IBM Tivoli Federated Identity Manager, ALL versions | WAS traditional versions 9.0, 8.5 | Security Bulletin: WebSphere Application Server traditional is vulnerable to a Remote Command Execution vulnerability. (CVE-2020-4450) |
| IBM Tivoli Federated Identity Manager, ALL versions | WAS ND traditional 8.5 and 9.0; WebSphere Virtual Enterprise Edition V7.0 and V8.0 | Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448) |
| IBM Tivoli Federated Identity Manager, ALL versions | WAS 9.0, 8.5, 8.0 and 7.0; WAS liberty | Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329) |
| IBM Tivoli Federated Identity Manager, ALL versions | WAS traditional 7.0, 8.0, 8.5 and 9.0 | Security Bulletin: WebSphere Application Server traditional is vulnerable to a Information Disclosure vulnerability (CVE-2020-4449) |
| IBM Tivoli Federated Identity Manager, ALL versions | WAS traditional version 8.5 | Security Bulletin: WebSphere Application Server traditional is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365) |

Workarounds and Mitigations

None
