PT-2020-6084 · Ibm · Ibm Websphere Liberty+1
Published
2020-04-27
·
Updated
2021-07-21
·
CVE-2020-4329
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM WebSphere Application Server versions 7.0 through 9.0
IBM WebSphere Liberty versions 17.0.0.3 through 20.0.0.4
Description
The issue is related to a lack of protection for service data, which could allow a remote attacker to gain unauthorized access to protected information. Improper parameter checking is the cause, potentially leading to spoofing attacks.
Recommendations
For IBM WebSphere Application Server versions 7.0 through 9.0, update to a version that includes proper parameter checking to prevent exploitation.
For IBM WebSphere Liberty versions 17.0.0.3 through 20.0.0.4, apply configuration changes to ensure proper validation of parameters and prevent unauthorized access.
As a temporary workaround, consider restricting access to sensitive information until a patch is available.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Websphere Application Server
Ibm Websphere Liberty