Vulnerability Name: CVE-2020-4329 (CCN-177841) Assigned: 2019-12-30 Published: 2020-04-27 Updated: 2021-07-21 Summary: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. CVSS v3 Severity: 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): None
4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-200 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2020-4329 ibm-websphere-cve20204329-info-disc(177841) ibm-websphere-cve20204329-info-disc (177841) Information disclosure in WebSphere Application Server (CVE-2020-4329) https://www.ibm.com/support/pages/node/6201862 WebSphere network security vulnerability in IBM Content Foundation on Cloud WebSphere Application Server security vulnerability in FileNet Content Manager There is an information disclosure vulnerability in Liberty for Java (CVE-2020-4329) Multiple vulnerabilities in the IBM HTTP Server and IBM WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation Security vulnerability in IBM WebSphere Application Server affects IBM Voice Gateway Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 (CVE-2020-4329). A security vulnerability has been fixed in IBM Security Identity Manager Virtual Appliance(CVE-2020-4329) Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability An Information Disclosure vulnerability in IBM Websphere Libtery affects IBM License Key Server Administration & Reporting Tool and Administration Agent IBM WebSphere Application Server Vulnerability Affects IBM Control Center (CVE-2020-4329) Vulnerability exists in Watson Explorer (CVE-2020-4329) Websphere Application Server Liberty vulnerabilities used by IBM Streams Multiple vulnerabilities in IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter IBM MQ is affected by a vulnerability within IBM WebSphere Liberty (CVE-2020-4329) Information disclosure in WebSphere Application Server - Liberty Content Collector for Email is affected by a Information disclosure in embedded WebSphere Application Server Information disclosure in WebSphere Liberty (CVE-2020-4329) Vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Control (CVE-2020-4329) IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2020-4329) Information disclosure vulnerability in WebSphere Application Server Liberty WebSphere Application Server is vulnerable for information disclosure that affect IBM CICS TX on Cloud WebSphere Application Server is vulnerable to information disclosure that affects TXSeries for Multiplatforms Information disclosure vulnerability in WebSphere Application Server - Liberty affects IBM MobileFirst Platform Foundation A vulnerability in IBM WebSphere Application Server(Liberty profile) affects IBM Operations Analytics Predictive Insights (CVE-2020-4329) Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Security vulnerability in WebSphere Liberty Server shipped with IBM Global Mailbox (CVE-2020-4329) Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server Multiple vulnerabilities affect IBM Planning Analytics Vulnerabilities in IBM Java Runtime, IBM WebSphere Application Server Liberty, and Apache Commons affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments Potential vulnerability with IBM WebSphere Application Server Multiple Vulnerabilities in Websphere Liberty server (WLP) affects IBM Cloud Application Business Insights Information Disclosure Security Vulnerability in WebSphere Application Server Affects IBM Sterling B2B Integrator (CVE-2020-4329) Information disclosure in WebSphere Application Server (CVE-2020-4329) may affect IBM Workload Scheduler Vulnerabilities in IBM WebSphere Liberty affects IBM Waston Machine Learning Accelerator Vulnerabilities in IBM WebSphere Application Server Liberty, IBM Java Runtime, Log4j, and Apache Commons affect IBM Spectrum Protect Snapshot for VMware Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM StoredIQ for Legal IBM Security Privileged Identity Manager is affected by an information disclosure (CVE-2020-4329) IBM Security Directory Suite is affected by a vulnerability (CVE-2020-4329) A vulnerability in WebSphere Application Server Liberty affects IBM InfoSphere Information Server IBM Cognos Analytics has addressed multiple vulnerabilities IBM Cognos Controller has addressed multiple vulnerabilities Vulnerable Configuration: Configuration 1 :cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 7.0.0.0 and <= 7.0.0.45)OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 8.0.0.0 and <= 8.0.0.15) OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 8.5.0.0 and <= 8.5.5.17) OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 9.0.0.0 and <= 9.0.5.3) OR cpe:/a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:* (Version >= 17.0.0.3 and <= 20.0.0.4) Configuration CCN 1 :cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:* OR cpe:/a:ibm:websphere_application_server:20.0.0.4:*:*:*:liberty:*:*:* AND cpe:/a:ibm:watson_explorer:10.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:content_collector:4.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:license_metric_tool:9.2:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect:7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:security_privileged_identity_manager:2.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_analytics:11.0:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect:8.1:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2.6.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:* OR cpe:/a:ibm:security_privileged_identity_manager:2.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:content_collector:4.0.0:*:*:*:email:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.6:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_operations_center:8.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_analytics:11.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.2:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.3:*:*:*:*:*:*:* OR cpe:/a:ibm:filenet_content_manager:5.5.3:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:2019.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_orchestrator:2.5.0.10:*:*:*:-:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_streams:4.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_streams:4.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_streams:4.3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:* OR cpe:/a:ibm:watson_developer_cloud:1.4.0:*:*:*:*:*:*:* OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_snapshot:4.1.0.0:*:*:*:*:vmware:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.6.2:*:*:*:*:*:*:* OR cpe:/a:ibm:txseries:8.2.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:txseries:8.2.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:txseries:9.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:txseries:9.1.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:workload_automation:9.5:*:*:*:*:*:*:* OR cpe:/a:ibm:control_center:6.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:control_center:6.1.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:control_center:6.1.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:2019.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_developer_cloud:1.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.23:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.6.3:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.6.4:*:*:*:*:*:*:* OR cpe:/a:ibm:filenet_content_manager:5.5.4:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:2019.4.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.4:*:standard:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.5:*:standard:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.6:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.7:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:planning_analytics_local:2.0.9.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:6.0.3.2:*:*:*:standard:*:*:* OR cpe:/a:ibm:spectrum_protect_operations_center:8.1.10:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_operations_center:7.1.11:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_application_business_insights:1.1.4:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_application_business_insights:1.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:* BACK
ibm websphere application server *
ibm websphere application server *
ibm websphere application server *
ibm websphere application server *
ibm websphere application server *
ibm websphere application server 7.0
ibm websphere application server 8.0
ibm websphere application server 8.5
ibm websphere application server 9.0
ibm websphere application server 17.0.0.3
ibm websphere application server 20.0.0.4
ibm watson explorer 10.0.0
ibm tivoli monitoring 6.3.0.2
ibm tivoli monitoring 6.3.0.3
ibm tivoli monitoring 6.3.0.4
ibm content collector 4.0.1
ibm license metric tool 9.2
ibm watson explorer 11.0.0
ibm security privileged identity manager 2.0.2
ibm spectrum protect 7.1
ibm watson explorer 11.0.1
ibm tivoli monitoring 6.3.0.5
ibm tivoli monitoring 6.3.0.6
ibm tivoli monitoring 6.3.0.7
ibm security privileged identity manager 2.1.0
ibm cognos analytics 11.0
ibm watson explorer 11.0.2
ibm spectrum protect 8.1
ibm infosphere information server 11.7
ibm rational asset analyzer 6.1.0.0
ibm sterling b2b integrator 5.2.6.0
ibm websphere application server in cloud 8.5
ibm websphere application server in cloud 9.0
ibm watson explorer 12.0.0
ibm websphere application server in cloud *
ibm security privileged identity manager 2.1.1
ibm watson explorer 12.0.1
ibm watson explorer 12.0.2
ibm content collector 4.0.0
ibm rational license key server 8.1.6
ibm cognos controller 10.4.0
ibm spectrum protect operations center 8.1
ibm cognos analytics 11.1
ibm cognos controller 10.4.1
ibm spectrum control 5.3.1
ibm spectrum control 5.3.2
ibm spectrum control 5.3.3
ibm filenet content manager 5.5.3
ibm event streams 2019.2.1
ibm cloud orchestrator 2.5.0.10
ibm voice gateway 1.0.2
ibm voice gateway 1.0.3
ibm cloud pak for automation 19.0.3
ibm infosphere streams 4.1.1
ibm infosphere streams 4.2.1
ibm infosphere streams 4.3.1
ibm watson explorer 12.0.3
ibm watson developer cloud 1.4.0
ibm mobilefirst platform foundation 8.0.0.0
ibm operations analytics predictive insights 1.3.0
ibm tivoli application dependency discovery manager 7.3.0.7
ibm voice gateway 1.0.2.4
ibm voice gateway 1.0.4
ibm spectrum protect snapshot 4.1.0.0
ibm rational license key server 8.1.6.2
ibm txseries 8.2.0.0
ibm txseries 8.2.0.2
ibm txseries 9.1.0.0
ibm txseries 9.1.0.1
ibm workload automation 9.5
ibm control center 6.0.0.2
ibm control center 6.1.2.1
ibm control center 6.1.3.0
ibm cloud private 3.2.1 cd
ibm event streams 2019.4.1
ibm watson developer cloud 1.4.1
ibm voice gateway 1.0.5
ibm cloud pak for automation 20.0.1
ibm security identity manager virtual appliance 7.0.2
ibm rational asset analyzer 6.1.0.23
ibm rational license key server 8.1.6.1
ibm rational license key server 8.1.6.3
ibm rational license key server 8.1.6.4
ibm filenet content manager 5.5.4
ibm event streams 2019.4.2
ibm cloud private 3.2.2 cd
ibm tivoli application dependency discovery manager 7.3.0.5
ibm spectrum control 5.3.4
ibm spectrum control 5.3.5
ibm spectrum control 5.3.6
ibm spectrum control 5.3.7
ibm security identity manager virtual appliance 7.0.1
ibm planning analytics local 2.0.9.2
ibm cognos controller 10.4.2
ibm sterling b2b integrator 6.0.3.2
ibm spectrum protect operations center 8.1.10
ibm spectrum protect operations center 7.1.11
ibm cloud application business insights 1.1.4
ibm cloud application business insights 1.1.3
ibm sterling b2b integrator 6.1.0.0
Denotes that component is vulnerable