Vulnerability CVE-2020-4362 - CERT Civis.Net

Vulnerability Name:

CVE-2020-4362 (CCN-178929)

Assigned:

2019-12-30

Published:

2020-04-09

Updated:

2021-07-21

Summary:

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2020-4362

Source: XF
Type: UNKNOWN
ibm-websphere-cve20204362-priv-escalation(178929)

Source: XF
Type: VDB Entry, Vendor Advisory
ibm-websphere-cve20204362-priv-escalation (178929)

Source: CCN
Type: IBM Security Bulletin 6174417 (WebSphere Application Server)
Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)

Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.ibm.com/support/pages/node/6174417

Source: CCN
Type: IBM Security Bulletin 6232876 (WebSphere Application Server in Cloud)
Multiple vulnerabilities in the IBM HTTP Server and IBM WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud

Source: CCN
Type: IBM Security Bulletin 6257135 (Content Collector)
Content Collector for Email is affected by a embedded WebSphere Application Server is vulnerable to a privilege escalation vulnerability

Source: CCN
Type: IBM Security Bulletin 6333467 (Cloud Orchestrator)
Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

Source: CCN
Type: IBM Security Bulletin 6351443 (Tivoli Monitoring V6)
Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server

Source: CCN
Type: IBM Security Bulletin 6422665 (StoredIQ for Legal)
Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM StoredIQ for Legal

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 7.0.0.0 and <= 7.0.0.45)

OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 8.0.0.0 and <= 8.0.0.15)

OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 8.5.0.0 and <= 8.5.5.17)

OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 9.0.0.0 and <= 9.0.5.3)

Configuration CCN 1:

cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:tivoli_monitoring:6.3.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:content_collector:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:*

OR cpe:/a:ibm:content_collector:4.0.0:*:*:*:email:*:*:*

OR cpe:/a:ibm:cloud_orchestrator:2.5.0.10:*:*:*:-:*:*:*

Denotes that component is vulnerable