Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Control (CVE-2020-4329)


## Summary

WebSphere Application Server Liberty could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This vulnerability affects IBM Spectrum Control.

## Vulnerability Details

**CVEID:** [CVE-2020-4329](https://vulners.com/cve/CVE-2020-4329)

**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty through could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.

CVSS Base score: 4.3

CVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](https://exchange.xforce.ibmcloud.com/vulnerabilities/177841) for the current score.

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

## Affected Products and Versions

**Affected Product(s)** | **Version(s)**
---|---
IBM Spectrum Control | 5.3.1 - 5.3.7

## Remediation/Fixes

The solution is to apply an appropriate IBM Spectrum Control fix. Click on the download link and follow the Installation Instructions. The solution should be implemented as soon as practicable.

**Release** | **First Fixing VRM Level** | **Link to Fix**
---|---|---
5.4 | 5.4.0 | <http://www.ibm.com/support/docview.wss?uid=swg21320822#53_0>

**Note:** It is always recommended to have a current backup before applying any update procedure.

## Workarounds and Mitigations

None

## Affected Software

CPE Name | Version
---|---
ibm spectrum control | 5.3.1
ibm spectrum control | 5.3.2
ibm spectrum control | 5.3.3
ibm spectrum control | 5.3.4
ibm spectrum control | 5.3.5
ibm spectrum control | 5.3.6
ibm spectrum control | 5.3.7