cvelistv5 - CVE-2020-4329

▼	URL	Tags
	psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/177841	VDB Entry, Vendor Advisory
	psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6201862	Vendor Advisory

▼	Vendor	Product
	IBM	WebSphere Application Server Liberty
	IBM	WebSphere Application Server

gsd-2020-4329

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.

Aliases

CVE-2020-4329

Aliases

CVE-2020-4329

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-4329",
    "description": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.",
    "id": "GSD-2020-4329"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-4329"
      ],
      "details": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.",
      "id": "GSD-2020-4329",
      "modified": "2023-12-13T01:21:48.092978Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2020-04-27T00:00:00",
        "ID": "CVE-2020-4329",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WebSphere Application Server Liberty",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "17.0.0.3"
                        },
                        {
                          "version_value": "20.0.0.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WebSphere Application Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.0"
                        },
                        {
                          "version_value": "8.0"
                        },
                        {
                          "version_value": "8.5"
                        },
                        {
                          "version_value": "9.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841."
          }
        ]
      },
      "impact": {
        "cvssv3": {
          "BM": {
            "A": "N",
            "AC": "L",
            "AV": "N",
            "C": "L",
            "I": "N",
            "PR": "L",
            "S": "U",
            "SCORE": "4.300",
            "UI": "N"
          },
          "TM": {
            "E": "U",
            "RC": "C",
            "RL": "O"
          }
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Obtain Information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ibm.com/support/pages/node/6201862",
            "refsource": "CONFIRM",
            "title": "IBM Security Bulletin 6201862 (WebSphere Application Server)",
            "url": "https://www.ibm.com/support/pages/node/6201862"
          },
          {
            "name": "ibm-websphere-cve20204329-info-disc (177841)",
            "refsource": "XF",
            "title": "X-Force Vulnerability Report",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.0.45",
                "versionStartIncluding": "7.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.0.15",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.5.5.17",
                "versionStartIncluding": "8.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.5.3",
                "versionStartIncluding": "9.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "20.0.0.4",
                "versionStartIncluding": "17.0.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2020-4329"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6201862",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6201862"
            },
            {
              "name": "ibm-websphere-cve20204329-info-disc (177841)",
              "refsource": "XF",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-04-28T14:15Z"
    }
  }
}

ghsa-hrg7-wpcc-67w2

Vulnerability from github

Published

2022-05-24 17:16

Modified

2022-05-24 17:16

Details

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-4329"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-28T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.",
  "id": "GHSA-hrg7-wpcc-67w2",
  "modified": "2022-05-24T17:16:47Z",
  "published": "2022-05-24T17:16:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4329"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6201862"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

var-202004-1756

Vulnerability from variot

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. IBM WebSphere Application Server There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 177841 It is published as.Information may be obtained. The product is a platform for JavaEE and Web service applications, and it is also the foundation of the IBM WebSphere software platform.

There are security vulnerabilities in IBM WAS and WAS Liberty. The vulnerability stems from the program's failure to correctly check the parameters. Remote attackers can use this vulnerability to obtain sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Open Liberty 20.0.0.5 Runtime security update Advisory ID: RHSA-2020:2054-01 Product: Open Liberty Advisory URL: https://access.redhat.com/errata/RHSA-2020:2054 Issue date: 2020-05-11 CVE Names: CVE-2020-4329 CVE-2020-4421 ==================================================================== 1. Summary:

Open Liberty 20.0.0.5 Runtime is now available from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices.

This release of Open Liberty 20.0.0.5 serves as a replacement for Open Liberty 20.0.0.4 and includes security fixes, bug fixes, and enhancements. For specific information about this release, see links in the References section.

Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

JIRA issues fixed (https://issues.jboss.org/):

IBMRT-26 - Release Open Liberty 20.0.0.5

References:

https://access.redhat.com/security/cve/CVE-2020-4329 https://access.redhat.com/security/cve/CVE-2020-4421 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=open.liberty&downloadType=distributions&version .0.0.5 https://www.ibm.com/support/pages/node/6201862 https://www.ibm.com/support/pages/node/6205926 https://access.redhat.com/articles/4544981

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBXrlVOtzjgjWX9erEAQi4RQ/+LkTDq1YwoWoLnZseiqm3LXmgBjrosXhC xAFG3VJgtRWw8GBsWda/Ayb5bhxudsGbNCXzxRAOLUTmE3RoGYdiX1ul/UQQ8UXU JVgECe/R2NLePYWPxoK8hTEPSN4YRwhq+laHoYvjJX0/dq6BblV4N4otG0f661cc HODThkkzPYaCQup7OIxz/OfM/UpiaXDwU5I+WeIDUjAxAeJfkHLKmU3YtENSFf+T qBUnjoE81qdqEjoSLIlIBhiMqNAopyPCSEwuA5AfZ8/ESnBeOECHLaqeM0kpxt35 f5H3SRYHnIQ0qjYYwWQJajLCgxu5lYVhZnS68hekHcsilCdEtojyaFmt674iHWOO AqHqDOyAcFMttP5+EGiawaRKKIN5cF0SGRBmQA3G9FWQPk5oDNXOvnt+42rJ35+O 4wErBjfCv8r/cnGkIbeECSparqKmYkU763lc+haurOr2dUnMk+2uawVFWxG/VFeP NAo/ju4o7tjrgOJWNyl3mxQ4xa6BX+nGZx9U+gdaVxVVSH0F4uXNgKyzkOqYHU0c gJ9gdz0QIjvvv0g/PGp4wi0xgTuCpZdme2hGauYuptqkZkr+cBzjrIBOAT1GVZ74 mVzDmZ3Rw09dUJ3EK9eKUsMwVIe5vvE08tpA7Zp3M4fxM+PHtS1ysSnk74dQfQ51 GsqdCwdtxCc=RzY1 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1756",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.5.5.17"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.5.3"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.5.0.0"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.0.0.45"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "20.0.0.4"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "17.0.0.3"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "liberty 17.0.0.3 \u304b\u3089 20.0.0.4"
      },
      {
        "model": "websphere application server liberty",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "17.0.0.3,\u003c=20.0.0.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.0.45",
                "versionStartIncluding": "7.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.0.15",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.5.5.17",
                "versionStartIncluding": "8.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.5.3",
                "versionStartIncluding": "9.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "20.0.0.4",
                "versionStartIncluding": "17.0.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-4329",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004897",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2020-32427",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-4329",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004897",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-4329",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2020-4329",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004897",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-32427",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-2227",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-4329",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. IBM WebSphere Application Server There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 177841 It is published as.Information may be obtained. The product is a platform for JavaEE and Web service applications, and it is also the foundation of the IBM WebSphere software platform. \n\r\n\r\nThere are security vulnerabilities in IBM WAS and WAS Liberty. The vulnerability stems from the program\u0027s failure to correctly check the parameters. Remote attackers can use this vulnerability to obtain sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Open Liberty 20.0.0.5 Runtime security update\nAdvisory ID:       RHSA-2020:2054-01\nProduct:           Open Liberty\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:2054\nIssue date:        2020-05-11\nCVE Names:         CVE-2020-4329 CVE-2020-4421\n====================================================================\n1. Summary:\n\nOpen Liberty 20.0.0.5 Runtime is now available from the Customer Portal. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nOpen Liberty is a lightweight open framework for building fast and\nefficient cloud-native Java microservices. \n\nThis release of Open Liberty 20.0.0.5 serves as a replacement for Open\nLiberty 20.0.0.4 and includes security fixes, bug fixes, and enhancements. \nFor specific information about this release, see links in the References\nsection. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nIBMRT-26 - Release Open Liberty 20.0.0.5\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-4329\nhttps://access.redhat.com/security/cve/CVE-2020-4421\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=open.liberty\u0026downloadType=distributions\u0026version .0.0.5\nhttps://www.ibm.com/support/pages/node/6201862\nhttps://www.ibm.com/support/pages/node/6205926\nhttps://access.redhat.com/articles/4544981\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXrlVOtzjgjWX9erEAQi4RQ/+LkTDq1YwoWoLnZseiqm3LXmgBjrosXhC\nxAFG3VJgtRWw8GBsWda/Ayb5bhxudsGbNCXzxRAOLUTmE3RoGYdiX1ul/UQQ8UXU\nJVgECe/R2NLePYWPxoK8hTEPSN4YRwhq+laHoYvjJX0/dq6BblV4N4otG0f661cc\nHODThkkzPYaCQup7OIxz/OfM/UpiaXDwU5I+WeIDUjAxAeJfkHLKmU3YtENSFf+T\nqBUnjoE81qdqEjoSLIlIBhiMqNAopyPCSEwuA5AfZ8/ESnBeOECHLaqeM0kpxt35\nf5H3SRYHnIQ0qjYYwWQJajLCgxu5lYVhZnS68hekHcsilCdEtojyaFmt674iHWOO\nAqHqDOyAcFMttP5+EGiawaRKKIN5cF0SGRBmQA3G9FWQPk5oDNXOvnt+42rJ35+O\n4wErBjfCv8r/cnGkIbeECSparqKmYkU763lc+haurOr2dUnMk+2uawVFWxG/VFeP\nNAo/ju4o7tjrgOJWNyl3mxQ4xa6BX+nGZx9U+gdaVxVVSH0F4uXNgKyzkOqYHU0c\ngJ9gdz0QIjvvv0g/PGp4wi0xgTuCpZdme2hGauYuptqkZkr+cBzjrIBOAT1GVZ74\nmVzDmZ3Rw09dUJ3EK9eKUsMwVIe5vvE08tpA7Zp3M4fxM+PHtS1ysSnk74dQfQ51\nGsqdCwdtxCc=RzY1\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "PACKETSTORM",
        "id": "157636"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-4329",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "157636",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1650",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2622",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2772",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2301",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2199",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1601",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0035",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1453",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1984",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "48019",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "id": "VAR-202004-1756",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      }
    ],
    "trust": 1.41666666
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:38:16.450000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6201862",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6201862"
      },
      {
        "title": "ibm-websphere-cve20204329-info-disc (177841)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
      },
      {
        "title": "Patch for IBM WebSphere Application Server and Liberty information disclosure vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/221127"
      },
      {
        "title": "IBM WebSphere Application Server  and Liberty Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117729"
      },
      {
        "title": "Red Hat: Important: Open Liberty 20.0.0.5 Runtime security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202054 - security advisory"
      },
      {
        "title": "IBM: Security Bulletin: Speech to Text, Text to Speech ICP,  WebSphere Application Server Liberty Fix",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c5e3986fcccb30593c920d208e5f58f5"
      },
      {
        "title": "IBM: Security Bulletin:  Vulnerabilities in IBM WebSphere Liberty affects IBM Waston Machine Learning Accelerator",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a24e06700e95b219544a9d80f5852dcc"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
      },
      {
        "trust": 1.8,
        "url": "https://www.ibm.com/support/pages/node/6201862"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4329"
      },
      {
        "trust": 1.2,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-cve-2020-4329/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4329"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-security-directory-suite-information-disclosure-34874"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-serverliberty-profile-affects-ibm-operations-analytics-predictive-insights-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-suite-is-affected-by-a-vulnerability-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-liberty-affects-ibm-waston-machine-learning-accelerator/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2772/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-vulnerability-affects-ibm-control-center-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-websphere-application-server-liberty-affects-ibm-infosphere-information-server/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-liberty-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-websphere-liberty-server-wlp-affects-ibm-cloud-application-business-insights/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1601/"
      },
      {
        "trust": 0.6,
        "url": "http-server-and-ibm-websphere-application-server-used-in-ibm-websphere-application-server-in-ibm-cloud/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure-vulnerability-in-ibm-websphere-libtery-affects-ibm-license-key-server-administration-reporting-tool-and-administration-agent/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affects-ibm-spectrum-control-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-websphere-application-server-information-disclosure-32110"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1453/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1984/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-there-is-an-information-disclosure-vulnerability-in-liberty-for-java-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-speech-icp-websphere-application-server-liberty-fix-2/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/48019"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1650/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-application-server-liberty-ibm-java-runtime-log4j-and-apache-commons-affect-ibm-spectrum-protect-snapshot-for-vmware/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-for-ibm-cloud-private-vm-quickstarter/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2020-4329-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-storediq-for-legal/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-within-ibm-websphere-liberty-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-ibm-websphere-application-server-affects-ibm-voice-gateway-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2301/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2199/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2622/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-information-disclosure-in-embedded-websphere-application-server/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-network-security-vulnerability-in-ibm-content-foundation-on-cloud/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0035/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-protect-backup-archive-client-web-user-interface-ibm-spectrum-protect-for-space-management-and-ibm/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-websphere-liberty-server-shipped-with-ibm-global-mailbox-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-exists-in-watson-explorer-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157636/red-hat-security-advisory-2020-2054-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-websphere-liberty-profile-shipped-with-ibm-license-metric-tool-v9-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-cve-2020-4329-may-affect-ibm-workload-scheduler/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-an-information-disclosure-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-ibm-websphere-application-server/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-liberty/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:2054"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4421"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/4544981"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=open.liberty\u0026downloadtype=distributions\u0026version"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/6205926"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-4421"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-4329"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "date": "2020-04-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "date": "2020-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "date": "2020-05-11T15:36:17",
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "date": "2020-04-28T14:15:14.377000",
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "date": "2020-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "date": "2020-05-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "date": "2020-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "date": "2021-05-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere Application Server Vulnerability regarding information leakage in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ],
    "trust": 0.6
  }
}

CVE-2020-4329

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

CVE-2020-4329

Vulnerability from cvelistv5

gsd-2020-4329

Vulnerability from gsd

ghsa-hrg7-wpcc-67w2

Vulnerability from github

var-202004-1756

Vulnerability from variot

Tags

Sightings

Nomenclature