CVE-2020-4629

Published Sep 30, 2020

Last updated 4 years ago

CVSS low 3.3

Overview

Description: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.
Source: psirt@us.ibm.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 3.3
Impact score: 1.4
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

CVSS 3.0

Type: Secondary
Base score: 2.9
Impact score: 1.4
Exploitability score: 1.4
Vector string: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-209

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
          },
          {
            "criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21"
          },
          {
            "criteria": "cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0E97A964-6F9E-4C87-9B90-21AE2C1DF52F"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          },
          {
            "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
            "vulnerable": false,
            "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FBC4C46-A044-4A5C-80EF-2BCBF9351CEB",
            "versionEndIncluding": "7.0.0.45",
            "versionStartIncluding": "7.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:hypervisor:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1156DCAE-E013-41A7-ADEE-4FE4213DA17A",
            "versionEndIncluding": "7.0.0.45",
            "versionStartIncluding": "7.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E596AE8A-34AD-43F3-A97E-DC79CE517C8B",
            "versionEndIncluding": "8.0.0.15",
            "versionStartIncluding": "8.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:hypervisor:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC1A5D42-A226-4F16-B389-C5084D8EA47C",
            "versionEndIncluding": "8.0.0.15",
            "versionStartIncluding": "8.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "382E5CBC-38E3-4F5C-8110-CA35E92DC943",
            "versionEndIncluding": "8.5.5.18",
            "versionStartIncluding": "8.5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:hypervisor:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C95A52CE-A6C7-44AB-8C48-94DA10CC1AC6",
            "versionEndIncluding": "8.5.5.18",
            "versionStartIncluding": "8.5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E51E766-A883-4D4E-ADDB-0D31B9CC3DF8",
            "versionEndIncluding": "9.0.5.5",
            "versionStartIncluding": "9.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:hypervisor:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C05C06F6-6DE4-454F-A85A-3EB89B80DB17",
            "versionEndIncluding": "9.0.5.5",
            "versionStartIncluding": "9.0.0.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References