Lucene search

K
ibmIBME01AE27864F5D21E9DE4882755AFD601FD4EE9EEF1B77AD913AFA5BAC1F8BF77
HistoryAug 31, 2020 - 2:56 p.m.

Security Bulletin: A vulnerability in IBM WebSphere Application Server(Liberty profile) affects IBM Operations Analytics Predictive Insights (CVE-2020-4329)

2020-08-3114:56:31
www.ibm.com
12
ibm
websphere
application server
liberty profile
operations analytics predictive insights
cve-2020-4329
vulnerability
sensitive information
parameter checking
spoofing
ibm x-force
cvss
interim fix 3
security bulletin
software

EPSS

0.001

Percentile

32.8%

Summary

Websphere Application Server (Liberty profile) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting Liberty profile has been disclosed in a security bulletin.

Vulnerability Details

CVEID:CVE-2020-4329
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177841 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Operations Analytics Predictive Insights All

Remediation/Fixes

Apply 1.3.6 Interim Fix 3

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analyticsยฑ+Predictive+Insights&release=1.3.6

Note that for versions prior to 1.3.6 ONLY the UI component should be updated using interim Fix 3. Nothing else in the interim fix is relevant for this bulletin.

Workarounds and Mitigations

None

EPSS

0.001

Percentile

32.8%

Related for E01AE27864F5D21E9DE4882755AFD601FD4EE9EEF1B77AD913AFA5BAC1F8BF77