Lucene search

IBMEAAA1FF0E3B9E9518ED528D0D3AB6E603ABD22498FC360654BF5AFF8AB2D068E

HistorySep 23, 2020 - 4:16 a.m.

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - July 2020 CPU plus deferred CVE-2020-2590 and CVE-2020-2601

2020-09-2304:16:41

www.ibm.com

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Summary

Websphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Principal Product and Version(s)	Affected Supporting Product and Version
WebGUI 8.1.0 GA and FP	Websphere Application Server 8.5

WebSphere Application Server V7 and V8 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Remediation/Fixes

Please consult the security bulletin Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2020 CPU plus deferred CVE-2020-2590 and CVE-2020-2601 for vulnerability details and information about fixes.

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli netcool/omnibuseq8.1.0

CPE	Name	Operator	Version
	tivoli netcool/omnibus	eq	8.1.0

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for EAAA1FF0E3B9E9518ED528D0D3AB6E603ABD22498FC360654BF5AFF8AB2D068E