CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS
Percentile
19.6%
Fix for Websphere Application Server Liberty vulnerability to Identity Spoofing (CVE-2020-4421) in ICP Watson_Text_to_Speech and Watson Speech to Text v1.1.2
CVEID:CVE-2020-4421
**DESCRIPTION:**IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180084 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Watson Speech to Text, Text to Speech | 1.0.1-1.1 |
The vulnerability CVE-2020-4421 has been fixed in WebSphere Application Server Liberty 20.0.0.5, included in ICP Watson_Text_to_Speech and Watson Speech to Text v1.1.2 (GA: 6/19/20). Please download and install the latest version to receive this fix.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cloud_pak_for_security | 1.0 | cpe:2.3:a:ibm:cloud_pak_for_security:1.0:*:*:*:*:*:*:* |
ibm | cloud_pak_for_security | 1.1 | cpe:2.3:a:ibm:cloud_pak_for_security:1.1:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS
Percentile
19.6%