Vulnerability CVE-2020-4304 - CERT Civis.Net

Vulnerability Name:

CVE-2020-4304 (CCN-176670)

Assigned:

2019-12-30

Published:

2020-03-31

Updated:

2020-04-02

Summary:

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176670.

CVSS v3 Severity:

6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Cross-Site Scripting

References:

Source: MITRE
Type: CNA
CVE-2020-4304

Source: XF
Type: UNKNOWN
ibm-websphere-cve20204304-xss(176670)

Source: XF
Type: VDB Entry, Vendor Advisory
ibm-websphere-cve20204304-xss (176670)

Source: CCN
Type: IBM Security Bulletin 6147195 (WebSphere Application Server Liberty)
WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2020-4303, CVE-2020-4304)

Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.ibm.com/support/pages/node/6147195

Source: CCN
Type: IBM Security Bulletin 6203516 (Content Foundation on Cloud)
IBM WebSphere Application Server Network Deployment security vulnerabilities in IBM Content Foundation on Cloud

Source: CCN
Type: IBM Security Bulletin 6209262 (Liberty for Java)
WebSphere Application Server Liberty is vulnerable to Cross-site Scripting that affects Liberty for Java for IBM Cloud (CVE-2020-4303, CVE-2020-4304)

Source: CCN
Type: IBM Security Bulletin 6218992 (Compare and Comply)
WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2020-4303, CVE-2020-4304)

Source: CCN
Type: IBM Security Bulletin 6232876 (WebSphere Application Server in Cloud)
Multiple vulnerabilities in the IBM HTTP Server and IBM WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud

Source: CCN
Type: IBM Security Bulletin 6235074 (Cloud Pak for Automation)
Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation

Source: CCN
Type: IBM Security Bulletin 6236448 (Voice Gateway)
Security vulnerability in IBM WebSphere Application Server affects IBM Voice Gateway

Source: CCN
Type: IBM Security Bulletin 6239950 (Watson Speech to Text Customer Care)
Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix

Source: CCN
Type: IBM Security Bulletin 6242108 (License Metric Tool)
A security vulnerabilities has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 .

Source: CCN
Type: IBM Security Bulletin 6242178 (Log Analysis)
Vulnerability in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2020-4303, CVE-2020-4304)

Source: CCN
Type: IBM Security Bulletin 6242786 (Rational Asset Analyzer)
Asset Analyzer (RAA) is affected by two WebSphere Application Server vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6249993 (Control Center)
IBM WebSphere Application Server Liberty XSS Vulnerabilities Affect IBM Control Center (CVE-2020-4303, CVE-2020-4304)

Source: CCN
Type: IBM Security Bulletin 6252009 (InfoSphere Streams)
Websphere Application Server Liberty vulnerabilities used by IBM Streams

Source: CCN
Type: IBM Security Bulletin 6261535 (Cloud Private)
IBM Cloud Private is vulnerable to IBM WebSphere Application Server Liberty vulnerabilities (CVE-2020-4303, CVE-2020-4304)

Source: CCN
Type: IBM Security Bulletin 6324799 (Spectrum Protect Plus)
Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6391590 (Cloud Application Business Insights)
Multiple Vulnerabilities in Websphere Liberty server (WLP) affects IBM Cloud Application Business Insights

Source: CCN
Type: IBM Security Bulletin 6405740 (Watson Machine Learning Accelerator)
Vulnerabilities in IBM WebSphere Liberty affects IBM Waston Machine Learning Accelerator

Source: CCN
Type: IBM Security Bulletin 6417137 (Cloud APM)
Multiple vulnerabilities affect the IBM Performance Management product

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:* (Version >= 17.0.0.3 and <= 20.0.0.3)

Configuration CCN 1:

cpe:/a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*

OR cpe:/a:ibm:websphere_application_server:20.0.0.3:*:*:*:liberty:*:*:*

AND

cpe:/a:ibm:license_metric_tool:9.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:liberty:3.37:*:java:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_streams:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_streams:4.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_streams:4.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:control_center:6.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:control_center:6.1.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:control_center:6.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.5.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.23:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_application_business_insights:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_application_business_insights:1.1.3:*:*:*:*:*:*:*

Denotes that component is vulnerable