cvelistv5 - cve-2020-4329

CVE-2020-4329 (GCVE-0-2020-4329)

Vulnerability from cvelistv5

Published

2020-04-28 13:30

Modified

2024-09-17 04:19

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CWE

Obtain Information

Summary

References

URL

CERTFR-2020-AVI-677

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Tivoli Monitoring	IBM Tivoli Monitoring version 6.3.0
IBM	Tivoli	IBM Tivoli System Automation Application Manager 4.1
IBM	Tivoli	IBM Tivoli System Automation pour Multiplatforms 4.1
IBM	N/A	Enterprise Content Management System Monitor version 5.5

References

Title

Publication Time

gsd-2020-4329

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2020-4329

Aliases

CVE-2020-4329

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-4329",
    "description": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.",
    "id": "GSD-2020-4329"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-4329"
      ],
      "details": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.",
      "id": "GSD-2020-4329",
      "modified": "2023-12-13T01:21:48.092978Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2020-04-27T00:00:00",
        "ID": "CVE-2020-4329",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WebSphere Application Server Liberty",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "17.0.0.3"
                        },
                        {
                          "version_value": "20.0.0.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WebSphere Application Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.0"
                        },
                        {
                          "version_value": "8.0"
                        },
                        {
                          "version_value": "8.5"
                        },
                        {
                          "version_value": "9.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841."
          }
        ]
      },
      "impact": {
        "cvssv3": {
          "BM": {
            "A": "N",
            "AC": "L",
            "AV": "N",
            "C": "L",
            "I": "N",
            "PR": "L",
            "S": "U",
            "SCORE": "4.300",
            "UI": "N"
          },
          "TM": {
            "E": "U",
            "RC": "C",
            "RL": "O"
          }
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Obtain Information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ibm.com/support/pages/node/6201862",
            "refsource": "CONFIRM",
            "title": "IBM Security Bulletin 6201862 (WebSphere Application Server)",
            "url": "https://www.ibm.com/support/pages/node/6201862"
          },
          {
            "name": "ibm-websphere-cve20204329-info-disc (177841)",
            "refsource": "XF",
            "title": "X-Force Vulnerability Report",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.0.45",
                "versionStartIncluding": "7.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.0.15",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.5.5.17",
                "versionStartIncluding": "8.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.5.3",
                "versionStartIncluding": "9.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "20.0.0.4",
                "versionStartIncluding": "17.0.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2020-4329"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6201862",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6201862"
            },
            {
              "name": "ibm-websphere-cve20204329-info-disc (177841)",
              "refsource": "XF",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-04-28T14:15Z"
    }
  }
}

fkie_cve-2020-4329

Vulnerability from fkie_nvd

Published

2020-04-28 14:15

Modified

2024-11-21 05:32

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/177841	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6201862	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/177841	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6201862	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	websphere_application_server	*
ibm	websphere_application_server	*
ibm	websphere_application_server	*
ibm	websphere_application_server	*
ibm	websphere_application_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBC4C46-A044-4A5C-80EF-2BCBF9351CEB",
              "versionEndIncluding": "7.0.0.45",
              "versionStartIncluding": "7.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E596AE8A-34AD-43F3-A97E-DC79CE517C8B",
              "versionEndIncluding": "8.0.0.15",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79830E9D-2412-44C5-B6BA-2C0DE3EA871B",
              "versionEndIncluding": "8.5.5.17",
              "versionStartIncluding": "8.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FF309C-B3B1-4F00-ABEA-C44028768A69",
              "versionEndIncluding": "9.0.5.3",
              "versionStartIncluding": "9.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*",
              "matchCriteriaId": "D7B8A41D-47AB-45EA-8FD5-68FF4ABF2504",
              "versionEndIncluding": "20.0.0.4",
              "versionStartIncluding": "17.0.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841."
    },
    {
      "lang": "es",
      "value": "IBM WebSphere Application Server versi\u00f3n 7.0, 8.0, 8.5, 9.0 y Liberty versiones 17.0.0.3 hasta 20.0.0.4, podr\u00edan permitir a un atacante remoto autentificado obtener informaci\u00f3n confidencial, causado por la comprobaci\u00f3n de par\u00e1metros inapropiada. Esto podr\u00eda ser explotado para llevar a cabo ataques de suplantaci\u00f3n de identidad. IBM X-Force ID: 177841."
    }
  ],
  "id": "CVE-2020-4329",
  "lastModified": "2024-11-21T05:32:36.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-28T14:15:14.377",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6201862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6201862"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-202004-1756

Vulnerability from variot

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. IBM WebSphere Application Server There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 177841 It is published as.Information may be obtained. The product is a platform for JavaEE and Web service applications, and it is also the foundation of the IBM WebSphere software platform.

There are security vulnerabilities in IBM WAS and WAS Liberty. The vulnerability stems from the program's failure to correctly check the parameters. Remote attackers can use this vulnerability to obtain sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Open Liberty 20.0.0.5 Runtime security update Advisory ID: RHSA-2020:2054-01 Product: Open Liberty Advisory URL: https://access.redhat.com/errata/RHSA-2020:2054 Issue date: 2020-05-11 CVE Names: CVE-2020-4329 CVE-2020-4421 ==================================================================== 1. Summary:

Open Liberty 20.0.0.5 Runtime is now available from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices.

This release of Open Liberty 20.0.0.5 serves as a replacement for Open Liberty 20.0.0.4 and includes security fixes, bug fixes, and enhancements. For specific information about this release, see links in the References section.

Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

JIRA issues fixed (https://issues.jboss.org/):

IBMRT-26 - Release Open Liberty 20.0.0.5

References:

https://access.redhat.com/security/cve/CVE-2020-4329 https://access.redhat.com/security/cve/CVE-2020-4421 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=open.liberty&downloadType=distributions&version .0.0.5 https://www.ibm.com/support/pages/node/6201862 https://www.ibm.com/support/pages/node/6205926 https://access.redhat.com/articles/4544981

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBXrlVOtzjgjWX9erEAQi4RQ/+LkTDq1YwoWoLnZseiqm3LXmgBjrosXhC xAFG3VJgtRWw8GBsWda/Ayb5bhxudsGbNCXzxRAOLUTmE3RoGYdiX1ul/UQQ8UXU JVgECe/R2NLePYWPxoK8hTEPSN4YRwhq+laHoYvjJX0/dq6BblV4N4otG0f661cc HODThkkzPYaCQup7OIxz/OfM/UpiaXDwU5I+WeIDUjAxAeJfkHLKmU3YtENSFf+T qBUnjoE81qdqEjoSLIlIBhiMqNAopyPCSEwuA5AfZ8/ESnBeOECHLaqeM0kpxt35 f5H3SRYHnIQ0qjYYwWQJajLCgxu5lYVhZnS68hekHcsilCdEtojyaFmt674iHWOO AqHqDOyAcFMttP5+EGiawaRKKIN5cF0SGRBmQA3G9FWQPk5oDNXOvnt+42rJ35+O 4wErBjfCv8r/cnGkIbeECSparqKmYkU763lc+haurOr2dUnMk+2uawVFWxG/VFeP NAo/ju4o7tjrgOJWNyl3mxQ4xa6BX+nGZx9U+gdaVxVVSH0F4uXNgKyzkOqYHU0c gJ9gdz0QIjvvv0g/PGp4wi0xgTuCpZdme2hGauYuptqkZkr+cBzjrIBOAT1GVZ74 mVzDmZ3Rw09dUJ3EK9eKUsMwVIe5vvE08tpA7Zp3M4fxM+PHtS1ysSnk74dQfQ51 GsqdCwdtxCc=RzY1 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1756",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "17.0.0.3"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.0.0.45"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "20.0.0.4"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.5.0.0"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.5.3"
      },
      {
        "model": "websphere application server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "websphere application server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.5.5.17"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "liberty 17.0.0.3 \u304b\u3089 20.0.0.4"
      },
      {
        "model": "websphere application server liberty",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "17.0.0.3,\u003c=20.0.0.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:websphere_application_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-4329",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-4329",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004897",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2020-32427",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-4329",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-4329",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004897",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-4329",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2020-4329",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004897",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-32427",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-2227",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-4329",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. IBM WebSphere Application Server There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 177841 It is published as.Information may be obtained. The product is a platform for JavaEE and Web service applications, and it is also the foundation of the IBM WebSphere software platform. \n\r\n\r\nThere are security vulnerabilities in IBM WAS and WAS Liberty. The vulnerability stems from the program\u0027s failure to correctly check the parameters. Remote attackers can use this vulnerability to obtain sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Open Liberty 20.0.0.5 Runtime security update\nAdvisory ID:       RHSA-2020:2054-01\nProduct:           Open Liberty\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:2054\nIssue date:        2020-05-11\nCVE Names:         CVE-2020-4329 CVE-2020-4421\n====================================================================\n1. Summary:\n\nOpen Liberty 20.0.0.5 Runtime is now available from the Customer Portal. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nOpen Liberty is a lightweight open framework for building fast and\nefficient cloud-native Java microservices. \n\nThis release of Open Liberty 20.0.0.5 serves as a replacement for Open\nLiberty 20.0.0.4 and includes security fixes, bug fixes, and enhancements. \nFor specific information about this release, see links in the References\nsection. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nIBMRT-26 - Release Open Liberty 20.0.0.5\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-4329\nhttps://access.redhat.com/security/cve/CVE-2020-4421\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=open.liberty\u0026downloadType=distributions\u0026version .0.0.5\nhttps://www.ibm.com/support/pages/node/6201862\nhttps://www.ibm.com/support/pages/node/6205926\nhttps://access.redhat.com/articles/4544981\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXrlVOtzjgjWX9erEAQi4RQ/+LkTDq1YwoWoLnZseiqm3LXmgBjrosXhC\nxAFG3VJgtRWw8GBsWda/Ayb5bhxudsGbNCXzxRAOLUTmE3RoGYdiX1ul/UQQ8UXU\nJVgECe/R2NLePYWPxoK8hTEPSN4YRwhq+laHoYvjJX0/dq6BblV4N4otG0f661cc\nHODThkkzPYaCQup7OIxz/OfM/UpiaXDwU5I+WeIDUjAxAeJfkHLKmU3YtENSFf+T\nqBUnjoE81qdqEjoSLIlIBhiMqNAopyPCSEwuA5AfZ8/ESnBeOECHLaqeM0kpxt35\nf5H3SRYHnIQ0qjYYwWQJajLCgxu5lYVhZnS68hekHcsilCdEtojyaFmt674iHWOO\nAqHqDOyAcFMttP5+EGiawaRKKIN5cF0SGRBmQA3G9FWQPk5oDNXOvnt+42rJ35+O\n4wErBjfCv8r/cnGkIbeECSparqKmYkU763lc+haurOr2dUnMk+2uawVFWxG/VFeP\nNAo/ju4o7tjrgOJWNyl3mxQ4xa6BX+nGZx9U+gdaVxVVSH0F4uXNgKyzkOqYHU0c\ngJ9gdz0QIjvvv0g/PGp4wi0xgTuCpZdme2hGauYuptqkZkr+cBzjrIBOAT1GVZ74\nmVzDmZ3Rw09dUJ3EK9eKUsMwVIe5vvE08tpA7Zp3M4fxM+PHtS1ysSnk74dQfQ51\nGsqdCwdtxCc=RzY1\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "PACKETSTORM",
        "id": "157636"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-4329",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "157636",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1650",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2622",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2772",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2301",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2199",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1601",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0035",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1453",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1984",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "48019",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "id": "VAR-202004-1756",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      }
    ],
    "trust": 1.41666666
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      }
    ]
  },
  "last_update_date": "2024-11-23T20:47:39.540000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "6201862",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/node/6201862"
      },
      {
        "title": "ibm-websphere-cve20204329-info-disc (177841)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
      },
      {
        "title": "Patch for IBM WebSphere Application Server and Liberty information disclosure vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/221127"
      },
      {
        "title": "IBM WebSphere Application Server  and Liberty Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117729"
      },
      {
        "title": "Red Hat: Important: Open Liberty 20.0.0.5 Runtime security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202054 - Security Advisory"
      },
      {
        "title": "IBM: Security Bulletin: Speech to Text, Text to Speech ICP,  WebSphere Application Server Liberty Fix",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c5e3986fcccb30593c920d208e5f58f5"
      },
      {
        "title": "IBM: Security Bulletin:  Vulnerabilities in IBM WebSphere Liberty affects IBM Waston Machine Learning Accelerator",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a24e06700e95b219544a9d80f5852dcc"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
      },
      {
        "trust": 1.8,
        "url": "https://www.ibm.com/support/pages/node/6201862"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4329"
      },
      {
        "trust": 1.2,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-cve-2020-4329/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4329"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-security-directory-suite-information-disclosure-34874"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-serverliberty-profile-affects-ibm-operations-analytics-predictive-insights-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-suite-is-affected-by-a-vulnerability-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-liberty-affects-ibm-waston-machine-learning-accelerator/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2772/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-vulnerability-affects-ibm-control-center-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-websphere-application-server-liberty-affects-ibm-infosphere-information-server/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-liberty-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-websphere-liberty-server-wlp-affects-ibm-cloud-application-business-insights/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1601/"
      },
      {
        "trust": 0.6,
        "url": "http-server-and-ibm-websphere-application-server-used-in-ibm-websphere-application-server-in-ibm-cloud/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure-vulnerability-in-ibm-websphere-libtery-affects-ibm-license-key-server-administration-reporting-tool-and-administration-agent/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affects-ibm-spectrum-control-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ibm-websphere-application-server-information-disclosure-32110"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1453/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1984/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-there-is-an-information-disclosure-vulnerability-in-liberty-for-java-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-speech-icp-websphere-application-server-liberty-fix-2/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/48019"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1650/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-application-server-liberty-ibm-java-runtime-log4j-and-apache-commons-affect-ibm-spectrum-protect-snapshot-for-vmware/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-for-ibm-cloud-private-vm-quickstarter/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2020-4329-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-storediq-for-legal/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-within-ibm-websphere-liberty-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-ibm-websphere-application-server-affects-ibm-voice-gateway-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2301/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2199/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2622/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-information-disclosure-in-embedded-websphere-application-server/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-network-security-vulnerability-in-ibm-content-foundation-on-cloud/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0035/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-protect-backup-archive-client-web-user-interface-ibm-spectrum-protect-for-space-management-and-ibm/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-websphere-liberty-server-shipped-with-ibm-global-mailbox-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-exists-in-watson-explorer-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157636/red-hat-security-advisory-2020-2054-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-websphere-liberty-profile-shipped-with-ibm-license-metric-tool-v9-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-cve-2020-4329-may-affect-ibm-workload-scheduler/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-an-information-disclosure-cve-2020-4329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-ibm-websphere-application-server/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-liberty/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:2054"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4421"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/4544981"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=open.liberty\u0026downloadtype=distributions\u0026version"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/support/pages/node/6205926"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-4421"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-4329"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "date": "2020-04-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "date": "2020-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "date": "2020-05-11T15:36:17",
        "db": "PACKETSTORM",
        "id": "157636"
      },
      {
        "date": "2020-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      },
      {
        "date": "2020-04-28T14:15:14.377000",
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-32427"
      },
      {
        "date": "2020-05-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-4329"
      },
      {
        "date": "2020-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      },
      {
        "date": "2021-05-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      },
      {
        "date": "2024-11-21T05:32:36.050000",
        "db": "NVD",
        "id": "CVE-2020-4329"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere Application Server Vulnerability regarding information leakage in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004897"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2227"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2020-32427

Vulnerability from cnvd

Title

IBM WebSphere Application Server和Liberty信息泄露漏洞

Description

IBM WebSphere Application Server（WAS）和IBM WebSphere Application Server Liberty都是美国IBM公司的产品。IBM WebSphere Application Server是一款应用服务器产品。该产品是JavaEE和Web服务应用程序的平台，也是IBMWebSphere软件平台的基础。IBM WebSphere Application Server Liberty是一款构建于Open Liberty项目之上的Java应用程序服务器。 IBM WAS和WAS Liberty中存在安全漏洞，该漏洞源于程序未能正确检查参数。远程攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

IBM WebSphere Application Server和Liberty信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.ibm.com/support/pages/node/6201862

Reference

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-cve-2020-4329/

Impacted products

Name
['IBM WebSphere Application Server 8.5', 'IBM Websphere Application Server 8.0', 'IBM Websphere Application Server 7.0', 'IBM Websphere Application Server 9.0', 'IBM WebSphere Application Server Liberty >=17.0.0.3，<=20.0.0.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-4329"
    }
  },
  "description": "IBM WebSphere Application Server\uff08WAS\uff09\u548cIBM WebSphere Application Server Liberty\u90fd\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4ea7\u54c1\u3002IBM WebSphere Application Server\u662f\u4e00\u6b3e\u5e94\u7528\u670d\u52a1\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u662fJavaEE\u548cWeb\u670d\u52a1\u5e94\u7528\u7a0b\u5e8f\u7684\u5e73\u53f0\uff0c\u4e5f\u662fIBMWebSphere\u8f6f\u4ef6\u5e73\u53f0\u7684\u57fa\u7840\u3002IBM WebSphere Application Server Liberty\u662f\u4e00\u6b3e\u6784\u5efa\u4e8eOpen Liberty\u9879\u76ee\u4e4b\u4e0a\u7684Java\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u5668\u3002\n\nIBM WAS\u548cWAS Liberty\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u68c0\u67e5\u53c2\u6570\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.ibm.com/support/pages/node/6201862",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-32427",
  "openTime": "2020-06-11",
  "patchDescription": "IBM WebSphere Application Server\uff08WAS\uff09\u548cIBM WebSphere Application Server Liberty\u90fd\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4ea7\u54c1\u3002IBM WebSphere Application Server\u662f\u4e00\u6b3e\u5e94\u7528\u670d\u52a1\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u662fJavaEE\u548cWeb\u670d\u52a1\u5e94\u7528\u7a0b\u5e8f\u7684\u5e73\u53f0\uff0c\u4e5f\u662fIBMWebSphere\u8f6f\u4ef6\u5e73\u53f0\u7684\u57fa\u7840\u3002IBM WebSphere Application Server Liberty\u662f\u4e00\u6b3e\u6784\u5efa\u4e8eOpen Liberty\u9879\u76ee\u4e4b\u4e0a\u7684Java\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u5668\u3002\r\n\r\nIBM WAS\u548cWAS Liberty\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u68c0\u67e5\u53c2\u6570\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM WebSphere Application Server\u548cLiberty\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM WebSphere Application Server 8.5",
      "IBM Websphere Application Server 8.0",
      "IBM Websphere Application Server 7.0",
      "IBM Websphere Application Server 9.0",
      "IBM WebSphere Application Server Liberty \u003e=17.0.0.3\uff0c\u003c=20.0.0.4"
    ]
  },
  "referenceLink": "https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-cve-2020-4329/",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-29",
  "title": "IBM WebSphere Application Server\u548cLiberty\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

ghsa-hrg7-wpcc-67w2

Vulnerability from github

Published

2022-05-24 17:16

Modified

2022-05-24 17:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-4329"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-28T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.",
  "id": "GHSA-hrg7-wpcc-67w2",
  "modified": "2022-05-24T17:16:47Z",
  "published": "2022-05-24T17:16:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4329"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177841"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6201862"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-4329 (GCVE-0-2020-4329)

Vulnerability from cvelistv5

CERTFR-2020-AVI-677

Vulnerability from certfr_avis

Solution

gsd-2020-4329

Vulnerability from gsd

fkie_cve-2020-4329

Vulnerability from fkie_nvd

var-202004-1756

Vulnerability from variot

cnvd-2020-32427

Vulnerability from cnvd

ghsa-hrg7-wpcc-67w2

Vulnerability from github

Tags

Sightings

Nomenclature