WebSphere Application Server is vulnerable to a server-side request forgery vulnerability.
CVEID:CVE-2020-4365
**DESCRIPTION:**IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178964 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
These vulnerabilities affect the following versions and releases of IBM WebSphere Application Server in IBM Cloud:
To patch an existing service instance, refer to the IBM WebSphere Application Server bulletin listed below:
Please see Updating your environment in the KnowlegeCenter for information on applying service.
Alternatively, delete the vulnerable service instance and create a new instance.
None