IBM1C72E15872AAE860137E3C49D3A52072C6DEEA0719A5DFCB877F3F49B5175047Security Bulletin: WebSphere security vulnerability in IBM Content Foundation on Cloud
EPSS
Percentile
19.6%
Summary
IBM WebSphere Application Server Network Deployment security vulnerability in Content Platform Engine Container
Vulnerability Details
CVEID:CVE-2020-4421
**DESCRIPTION:**IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180084 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Content Foundation on Cloud | 5.5.0 |
Remediation/Fixes
To resolve these vulnerabilities, install one of the patch sets listed below.
| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| FileNet Content Manager |
5.5.3
5.5.4
5.5.3.0-P8CPE-Container-IF003 - 7/16/2020
5.5.4.0-P8CPE-Container-IF002 - 7/21/2020
Only versions covered by continuous support for fixes are listed. Please apply the listed update to remediate.
Workarounds and Mitigations
None
Related
EPSS
Percentile
19.6%