var-202004-1756
Vulnerability from variot

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. IBM WebSphere Application Server contains an information leakage vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 177841. Information may be obtained. The product is a platform for JavaEE and Web service applications, and it is also the foundation of the IBM WebSphere software platform.

There are security vulnerabilities in IBM WAS and WAS Liberty. The vulnerability stems from the program's failure to correctly check the parameters. Remote attackers can use this vulnerability to obtain sensitive information.

====================================================================
Red Hat Security Advisory

Synopsis:          Important: Open Liberty 20.0.0.5 Runtime security update
Advisory ID:       RHSA-2020:2054-01
Product:           Open Liberty
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2054
Issue date:        2020-05-11
CVE Names:         CVE-2020-4329 CVE-2020-4421
====================================================================

1. Summary:

Open Liberty 20.0.0.5 Runtime is now available from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices.

This release of Open Liberty 20.0.0.5 serves as a replacement for Open Liberty 20.0.0.4 and includes security fixes, bug fixes, and enhancements. For specific information about this release, see links in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

4. JIRA issues fixed (https://issues.jboss.org/):

IBMRT-26 - Release Open Liberty 20.0.0.5

5. References:

https://access.redhat.com/security/cve/CVE-2020-4329
https://access.redhat.com/security/cve/CVE-2020-4421
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=open.liberty&downloadType=distributions&version .0.0.5
https://www.ibm.com/support/pages/node/6201862
https://www.ibm.com/support/pages/node/6205926
https://access.redhat.com/articles/4544981

6. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1756",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.5.5.17"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.5.3"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.5.0.0"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.0.0.45"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "20.0.0.4"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "17.0.0.3"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "liberty 17.0.0.3 \u304b\u3089 20.0.0.4"
      },
      {
        "model": "websphere application server liberty",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "17.0.0.3,\u003c=20.0.0.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.0.45",
                "versionStartIncluding": "7.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.0.15",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.5.5.17",
                "versionStartIncluding": "8.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.5.3",
                "versionStartIncluding": "9.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "20.0.0.4",
                "versionStartIncluding": "17.0.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-4329",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004897",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2020-32427",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-4329",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004897",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-4329",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2020-4329",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004897",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-32427",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-2227",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-4329",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. IBM WebSphere Application Server There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 177841 It is published as.Information may be obtained. The product is a platform for JavaEE and Web service applications, and it is also the foundation of the IBM WebSphere software platform. \n\r\n\r\nThere are security vulnerabilities in IBM WAS and WAS Liberty. The vulnerability stems from the program\u0027s failure to correctly check the parameters. Remote attackers can use this vulnerability to obtain sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Open Liberty 20.0.0.5 Runtime security update\nAdvisory ID:       RHSA-2020:2054-01\nProduct:           Open Liberty\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:2054\nIssue date:        2020-05-11\nCVE Names:         CVE-2020-4329 CVE-2020-4421\n====================================================================\n1. Summary:\n\nOpen Liberty 20.0.0.5 Runtime is now available from the Customer Portal. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nOpen Liberty is a lightweight open framework for building fast and\nefficient cloud-native Java microservices. 
\n\nThis release of Open Liberty 20.0.0.5 serves as a replacement for Open\nLiberty 20.0.0.4 and includes security fixes, bug fixes, and enhancements. \nFor specific information about this release, see links in the References\nsection. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nIBMRT-26 - Release Open Liberty 20.0.0.5\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-4329\nhttps://access.redhat.com/security/cve/CVE-2020-4421\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=open.liberty\u0026downloadType=distributions\u0026version .0.0.5\nhttps://www.ibm.com/support/pages/node/6201862\nhttps://www.ibm.com/support/pages/node/6205926\nhttps://access.redhat.com/articles/4544981\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXrlVOtzjgjWX9erEAQi4RQ/+LkTDq1YwoWoLnZseiqm3LXmgBjrosXhC\nxAFG3VJgtRWw8GBsWda/Ayb5bhxudsGbNCXzxRAOLUTmE3RoGYdiX1ul/UQQ8UXU\nJVgECe/R2NLePYWPxoK8hTEPSN4YRwhq+laHoYvjJX0/dq6BblV4N4otG0f661cc\nHODThkkzPYaCQup7OIxz/OfM/UpiaXDwU5I+WeIDUjAxAeJfkHLKmU3YtENSFf+T\nqBUnjoE81qdqEjoSLIlIBhiMqNAopyPCSEwuA5AfZ8/ESnBeOECHLaqeM0kpxt35\nf5H3SRYHnIQ0qjYYwWQJajLCgxu5lYVhZnS68hekHcsilCdEtojyaFmt674iHWOO\nAqHqDOyAcFMttP5+EGiawaRKKIN5cF0SGRBmQA3G9FWQPk5oDNXOvnt+42rJ35+O\n4wErBjfCv8r/cnGkIbeECSparqKmYkU763lc+haurOr2dUnMk+2uawVFWxG/VFeP\nNAo/ju4o7tjrgOJWNyl3mxQ4xa6BX+nGZx9U+gdaVxVVSH0F4uXNgKyzkOqYHU0c\ngJ9gdz0QIjvvv0g/PGp4wi0xgTuCpZdme2hGauYuptqkZkr+cBzjrIBOAT1GVZ74\nmVzDmZ3Rw09dUJ3EK9eKUsMwVIe5vvE08tpA7Zp3M4fxM+PHtS1ysSnk74dQfQ51\nGsqdCwdtxCc=RzY1\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "PACKETSTORM",
        "id": "157636"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-4329",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "157636",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1650",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2622",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2772",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2301",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2199",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1601",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0035",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1453",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1984",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "48019",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "id": "VAR-202004-1756",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      }
    ],
    "trust": 1.41666666
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:38:16.450000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6201862",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6201862"
      },
      {
        "title": "ibm-websphere-cve20204329-info-disc (177841)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
      },
      {
        "title": "Patch for IBM WebSphere Application Server and Liberty information disclosure vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/221127"
      },
      {
        "title": "IBM WebSphere Application Server  and Liberty Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117729"
      },
      {
        "title": "Red Hat: Important: Open Liberty 20.0.0.5 Runtime security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202054 - security advisory"
      },
      {
        "title": "IBM: Security Bulletin: Speech to Text, Text to Speech ICP,  WebSphere Application Server Liberty Fix",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c5e3986fcccb30593c920d208e5f58f5"
      },
      {
        "title": "IBM: Security Bulletin:  Vulnerabilities in IBM WebSphere Liberty affects IBM Waston Machine Learning Accelerator",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a24e06700e95b219544a9d80f5852dcc"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
      },
      {
        "trust": 1.8,
        "url": "https://www.ibm.com/support/pages/node/6201862"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4329"
      },
      {
        "trust": 1.2,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-cve-2020-4329/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4329"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-security-directory-suite-information-disclosure-34874"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-serverliberty-profile-affects-ibm-operations-analytics-predictive-insights-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-suite-is-affected-by-a-vulnerability-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-liberty-affects-ibm-waston-machine-learning-accelerator/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2772/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-vulnerability-affects-ibm-control-center-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-websphere-application-server-liberty-affects-ibm-infosphere-information-server/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-liberty-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-websphere-liberty-server-wlp-affects-ibm-cloud-application-business-insights/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1601/"
      },
      {
        "trust": 0.6,
        "url": "http-server-and-ibm-websphere-application-server-used-in-ibm-websphere-application-server-in-ibm-cloud/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure-vulnerability-in-ibm-websphere-libtery-affects-ibm-license-key-server-administration-reporting-tool-and-administration-agent/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affects-ibm-spectrum-control-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-websphere-application-server-information-disclosure-32110"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1453/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1984/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-there-is-an-information-disclosure-vulnerability-in-liberty-for-java-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-speech-icp-websphere-application-server-liberty-fix-2/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/48019"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1650/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-application-server-liberty-ibm-java-runtime-log4j-and-apache-commons-affect-ibm-spectrum-protect-snapshot-for-vmware/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-for-ibm-cloud-private-vm-quickstarter/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2020-4329-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-storediq-for-legal/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-within-ibm-websphere-liberty-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-ibm-websphere-application-server-affects-ibm-voice-gateway-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2301/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2199/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2622/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-information-disclosure-in-embedded-websphere-application-server/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-network-security-vulnerability-in-ibm-content-foundation-on-cloud/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0035/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-protect-backup-archive-client-web-user-interface-ibm-spectrum-protect-for-space-management-and-ibm/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-websphere-liberty-server-shipped-with-ibm-global-mailbox-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-exists-in-watson-explorer-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157636/red-hat-security-advisory-2020-2054-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-websphere-liberty-profile-shipped-with-ibm-license-metric-tool-v9-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-cve-2020-4329-may-affect-ibm-workload-scheduler/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-an-information-disclosure-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-ibm-websphere-application-server/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-liberty/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:2054"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4421"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/4544981"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=open.liberty\u0026downloadtype=distributions\u0026version"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/6205926"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-4421"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-4329"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "date": "2020-04-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "date": "2020-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "date": "2020-05-11T15:36:17",
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "date": "2020-04-28T14:15:14.377000",
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "date": "2020-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "date": "2020-05-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "date": "2020-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "date": "2021-05-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere Application Server Vulnerability regarding information leakage in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ],
    "trust": 0.6
  }
}


Sightings

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.