Vulnerability CVE-2020-4589 - CERT Civis.Net

Vulnerability Name:

CVE-2020-4589 (CCN-184585)

Assigned:

2019-12-30

Published:

2020-08-12

Updated:

2022-05-03

Summary:

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2020-4589

Source: XF
Type: UNKNOWN
ibm-websphere-cve20204589-code-exec(184585)

Source: XF
Type: VDB Entry, Vendor Advisory
ibm-websphere-cve20204589-code-exec (184585)

Source: CCN
Type: IBM Security Bulletin 6258333 (WebSphere Application Server)
WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589)

Source: CONFIRM
Type: Vendor Advisory
https://www.ibm.com/support/pages/node/6258333

Source: CCN
Type: IBM Security Bulletin 6327411 (WebSphere Application Server in Cloud)
Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud

Source: CCN
Type: IBM Security Bulletin 6339089 (Cloud Orchestrator)
Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

Source: CCN
Type: IBM Security Bulletin 6356581 (Content Collector for Email)
Embedded WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability affects Content Collector for Email

Source: CCN
Type: IBM Security Bulletin 6422665 (StoredIQ for Legal)
Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM StoredIQ for Legal

Source: CCN
Type: IBM Security Bulletin 6435247 (Security Directory Server)
A security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Directory Server (CVE-2020-4589 and CVE-2020-4365)

Source: CCN
Type: IBM Security Bulletin 6458181 (InfoSphere Master Data Management)
Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management 11.6

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 7.0.0.0 and <= 7.0.0.45)

OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 8.0.0.0 and <= 8.0.0.15)

OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 8.5.0.0 and <= 8.5.5.17)

OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 9.0.0.0 and <= 9.0.5.4)

Configuration CCN 1:

cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_directory_server:6.4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_orchestrator:2.5.0.10:*:*:*:-:*:*:*

OR cpe:/a:ibm:content_collector:4.0.0:*:*:*:email:*:*:*

OR cpe:/a:ibm:content_collector:4.0.1:*:*:*:email:*:*:*

Denotes that component is vulnerable