IBM WebSphere Application Server Network Deployment security vulnerability in Content Platform Engine Container
CVEID:CVE-2020-4421
**DESCRIPTION:**IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180084 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Content Foundation on Cloud | 5.5.0 |
To resolve these vulnerabilities, install one of the patch sets listed below.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
FileNet Content Manager |
5.5.3
5.5.4
5.5.3.0-P8CPE-Container-IF003 - 7/16/2020
5.5.4.0-P8CPE-Container-IF002 - 7/21/2020
Only versions covered by continuous support for fixes are listed. Please apply the listed update to remediate.
None