Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM49E1F39ABF4EEB7FF80D7A7714F4484034178E7E98AFA9AA70C6A3D2D43EFABA
HistorySep 14, 2022 - 3:28 p.m.

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4643)

2022-09-1415:28:14
www.ibm.com
11
ibm
websphere
application server
vulnerability
digital business automation workflow
business process manager
enterprise service bus
cve-2020-4643
security bulletin

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

47.7%

JSON

Summary

WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Business Automation Workflow V20.0
V19.0
V18.0
IBM Business Process Manager V8.6
V8.5
V8.0
WebSphere Enterprise Service Bus All
WebSphere Enterprise Service Bus Registry Edition All

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Remediation/Fixes

Please consult the Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643) for vulnerability details and information about fixes.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwebsphere_enterprise_service_busMatchanyregistry
OR
ibmbusiness_process_manager_enterprise_service_busMatch8.6.0.0
OR
ibmbusiness_process_managerMatch8.6.0.
OR
ibmbusiness_process_managerMatch201803
OR
ibmbusiness_process_managerMatch8.6.0.
OR
ibmbusiness_process_managerMatch201712
OR
ibmbusiness_process_managerMatch8.6
OR
ibmwebsphere_enterprise_service_busMatch7.5.1.2
OR
ibmwebsphere_enterprise_service_busMatch7.5.1.1
OR
ibmwebsphere_enterprise_service_busMatch7.5.1
OR
ibmwebsphere_enterprise_service_busMatch7.5.0.1
OR
ibmwebsphere_enterprise_service_busMatch7.5
OR
ibmwebsphere_enterprise_service_busMatch7.0.0.5
OR
ibmwebsphere_enterprise_service_busMatch7.0.0.4
OR
ibmwebsphere_enterprise_service_busMatch7.0.0.3
OR
ibmwebsphere_enterprise_service_busMatch7.0.0.2
OR
ibmwebsphere_enterprise_service_busMatch7.0.0.1
OR
ibmwebsphere_enterprise_service_busMatch7.0
OR
ibmbusiness_process_managerMatch8.6.0.express
OR
ibmbusiness_process_managerMatch201803express
OR
ibmbusiness_process_managerMatch8.6.0.express
OR
ibmbusiness_process_managerMatch201712express
OR
ibmbusiness_process_managerMatch8.6express
OR
ibmbusiness_process_managerMatch8.5.7.express
OR
ibmbusiness_process_managerMatch201706express
OR
ibmbusiness_process_managerMatch8.5.7.express
OR
ibmbusiness_process_managerMatch201703express
OR
ibmbusiness_process_managerMatch8.5.7.express
OR
ibmbusiness_process_managerMatch201612express
OR
ibmbusiness_process_managerMatch8.5.7.express
OR
ibmbusiness_process_managerMatch201609express
OR
ibmbusiness_process_managerMatch8.5.7.express
OR
ibmbusiness_process_managerMatch201606express
OR
ibmbusiness_process_managerMatch8.5.7express
OR
ibmbusiness_process_managerMatch8.5.6.2express
OR
ibmbusiness_process_managerMatch8.5.6.1express
OR
ibmbusiness_process_managerMatch8.5.6express
OR
ibmbusiness_process_managerMatch8.5.5express
OR
ibmbusiness_process_managerMatch8.5.0.2express
OR
ibmbusiness_process_managerMatch8.5.0.1express
OR
ibmbusiness_process_managerMatch8.5express
OR
ibmbusiness_process_managerMatch8.0.1.3express
OR
ibmbusiness_process_managerMatch8.0.1.2express
OR
ibmbusiness_process_managerMatch8.0.1.1express
OR
ibmbusiness_process_managerMatch8.0.1express
OR
ibmbusiness_process_managerMatch8.0express
OR
ibmbusiness_automation_workflowMatch18.0.0.0
OR
ibmbusiness_automation_workflowMatch18.0.0.1
OR
ibmbusiness_automation_workflowMatch18.0.0.2
OR
ibmbusiness_automation_workflowMatch19.0.0.1
OR
ibmbusiness_automation_workflowMatch19.0.0.2
OR
ibmbusiness_automation_workflowMatch19.0.0.3
OR
ibmbusiness_automation_workflowMatch20.0.0.1
OR
ibmbusiness_process_managerMatch8.5.7.standard
OR
ibmbusiness_process_managerMatch201706standard
OR
ibmbusiness_process_managerMatch8.5.7.standard
OR
ibmbusiness_process_managerMatch201703standard
OR
ibmbusiness_process_managerMatch8.5.7.standard
OR
ibmbusiness_process_managerMatch201612standard
OR
ibmbusiness_process_managerMatch8.5.7.standard
OR
ibmbusiness_process_managerMatch201609standard
OR
ibmbusiness_process_managerMatch8.5.7.standard
OR
ibmbusiness_process_managerMatch201606standard
OR
ibmbusiness_process_managerMatch8.5.7standard
OR
ibmbusiness_process_managerMatch8.5.6.2standard
OR
ibmbusiness_process_managerMatch8.5.6.1standard
OR
ibmbusiness_process_managerMatch8.5.6standard
OR
ibmbusiness_process_managerMatch8.5.5standard
OR
ibmbusiness_process_managerMatch8.5.0.2standard
OR
ibmbusiness_process_managerMatch8.5.0.1standard
OR
ibmbusiness_process_managerMatch8.5standard
OR
ibmbusiness_process_managerMatch8.0.1.3standard
OR
ibmbusiness_process_managerMatch8.0.1.2standard
OR
ibmbusiness_process_managerMatch8.0.1.1standard
OR
ibmbusiness_process_managerMatch8.0.1standard
OR
ibmbusiness_process_managerMatch8.0standard
OR
ibmbusiness_process_managerMatch8.6advanced
OR
ibmbusiness_process_managerMatch8.5.7.advanced
OR
ibmbusiness_process_managerMatch201706advanced
OR
ibmbusiness_process_managerMatch8.5.7.advanced
OR
ibmbusiness_process_managerMatch201703advanced
OR
ibmbusiness_process_managerMatch8.5.7.advanced
OR
ibmbusiness_process_managerMatch201612advanced
OR
ibmbusiness_process_managerMatch8.5.7.advanced
OR
ibmbusiness_process_managerMatch201609advanced
OR
ibmbusiness_process_managerMatch8.5.7.advanced
OR
ibmbusiness_process_managerMatch201606advanced
OR
ibmbusiness_process_managerMatch8.5.7advanced
OR
ibmbusiness_process_managerMatch8.5.6.2advanced
OR
ibmbusiness_process_managerMatch8.5.6.1advanced
OR
ibmbusiness_process_managerMatch8.5.6advanced
OR
ibmbusiness_process_managerMatch8.5.5advanced
OR
ibmbusiness_process_managerMatch8.5.0.2advanced
OR
ibmbusiness_process_managerMatch8.5.0.1advanced
OR
ibmbusiness_process_managerMatch8.5advanced
OR
ibmbusiness_process_managerMatch8.0.1.3advanced
OR
ibmbusiness_process_managerMatch8.0.1.2advanced
OR
ibmbusiness_process_managerMatch8.0.1.1advanced
OR
ibmbusiness_process_managerMatch8.0.1advanced
OR
ibmbusiness_process_managerMatch8.0advanced
VendorProductVersionCPE
ibmwebsphere_enterprise_service_busanycpe:2.3:a:ibm:websphere_enterprise_service_bus:any:*:*:*:registry:*:*:*
ibmbusiness_process_manager_enterprise_service_bus8.6.0.0cpe:2.3:a:ibm:business_process_manager_enterprise_service_bus:8.6.0.0:*:*:*:*:*:*:*
ibmbusiness_process_manager8.6.0.cpe:2.3:a:ibm:business_process_manager:8.6.0.:*:*:*:*:*:*:*
ibmbusiness_process_manager201803cpe:2.3:a:ibm:business_process_manager:201803:*:*:*:*:*:*:*
ibmbusiness_process_manager201712cpe:2.3:a:ibm:business_process_manager:201712:*:*:*:*:*:*:*
ibmbusiness_process_manager8.6cpe:2.3:a:ibm:business_process_manager:8.6:*:*:*:*:*:*:*
ibmwebsphere_enterprise_service_bus7.5.1.2cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.2:*:*:*:*:*:*:*
ibmwebsphere_enterprise_service_bus7.5.1.1cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.1:*:*:*:*:*:*:*
ibmwebsphere_enterprise_service_bus7.5.1cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1:*:*:*:*:*:*:*
ibmwebsphere_enterprise_service_bus7.5.0.1cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.1:*:*:*:*:*:*:*
Rows per page:
1-10 of 861

Related

ibm 40
cvelist 1
prion 1
nvd 1
cve 1
nessus 1
ibm
ibm
Security Bulletin: IBM Tivoli Common Reporting: TCR, a part of IBM Jazz for Service Management (JazzSM) is vulnerable to an information exposure vulnerability (CVE-2020-4643)
2020-12-14 10:46:13
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2020-4643)
2020-09-18 10:51:52
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2020-4643)
2020-12-14 10:26:00
cvelist
cvelist
CVE-2020-4643
2020-09-21 17:10:13
prion
prion
Xxe
2020-09-21 17:15:00
nvd
nvd
CVE-2020-4643
2020-09-21 17:15:13
cve
cve
CVE-2020-4643
2020-09-21 17:15:13
nessus
nessus
IBM WebSphere Application Server 7.0.0.x through 7.0.0.45 / 8.0.0.x through 8.0.0.15 / 8.5.x through to 8.5.5.17 / 9.0.x through to 9.0.5.5 XXE (CVE-2020-4643)
2020-09-25 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

47.7%

JSON
Related for 49E1F39ABF4EEB7FF80D7A7714F4484034178E7E98AFA9AA70C6A3D2D43EFABA
ibm40cvelist1prion1nvd1cve1nessus1