Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD314D6F41721859E8D5FEDC60383AB6653E884E8AE9E086A0258F5AA222A6F25
HistoryMay 06, 2021 - 1:39 p.m.

Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift (CVE-2020-5258)

2021-05-0613:39:43
www.ibm.com
15
dojo vulnerability
websphere application server liberty
ibm financial transaction manager
digital payments
redhat openshift
cve-2020-5258
prototype pollution
remote attacker
javascript application object

EPSS

0.002

Percentile

61.9%

JSON

Summary

Dojo vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift.

Vulnerability Details

CVEID:CVE-2020-5258
**DESCRIPTION:**Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other values, an attacker could exploit this vulnerability to overwrite, or pollute, a JavaScript application object prototype of the base object.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177751 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift 4.0.3

Remediation/Fixes

Product| VRMF| Issue
| Remediation / First Fix
โ€”|โ€”|โ€”|โ€”
FTM DP| 4.0.3| 122835| Available through Passport Advantage

Workarounds and Mitigations

None

Related

ibm 69
ubuntucve 1
osv 4
veracode 1
prion 1
debiancve 1
redhatcve 1
github 1
nessus 6
nvd 1
cve 1
cvelist 1
githubexploit 1
openvas 2
debian 1
mageia 1
oracle 5
ibm
ibm
Security Bulletin: Embedded WebSphere Application Server is affected by vulnerability in Dojo, which affects Content Collector for Email
2021-06-01 16:16:42
Security Bulletin: Vulnerability in Dojo affects WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2020-5258)
2021-05-31 04:32:58
Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for RedHat OpenShift (CVE-2020-5258)
2021-05-11 11:07:17
ubuntucve
ubuntucve
CVE-2020-5258
2020-03-10 00:00:00
osv
osv
CGA-v4hc-xjpr-jp5r
2024-07-04 22:10:25
CVE-2020-5258
2020-03-10 18:15:12
Prototype pollution in dojo
2020-03-10 18:03:14
veracode
veracode
Prototype Pollution
2020-03-11 04:28:44
prion
prion
Code injection
2020-03-10 18:15:00
debiancve
debiancve
CVE-2020-5258
2020-03-10 18:15:12
redhatcve
redhatcve
CVE-2020-5258
2020-03-11 09:40:58
github
github
Prototype pollution in dojo
2020-03-10 18:03:14
nessus
nessus
Oracle Enterprise Manager Ops Center UI and Other Patches (July 2021 CPU)
2023-01-19 00:00:00
Debian DLA-2139-1 : dojo security update
2020-03-12 00:00:00
Oracle Primavera Unifier (Jul 2021 CPU)
2021-07-22 00:00:00
nvd
nvd
CVE-2020-5258
2020-03-10 18:15:12
cve
cve
CVE-2020-5258
2020-03-10 18:15:12
cvelist
cvelist
CVE-2020-5258 Prototype pollution in dojo
2020-03-10 17:50:20
githubexploit
githubexploit
Exploit for Code Injection in Linuxfoundation Dojo
2020-12-01 09:45:48
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0232)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-2139-1)
2020-03-18 00:00:00
debian
debian
[SECURITY] [DLA 2139-1] dojo security update
2020-03-11 19:14:41
mageia
mageia
Updated dojo packages fix security vulnerability
2020-05-27 12:52:46
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00

EPSS

0.002

Percentile

61.9%

JSON
Related for D314D6F41721859E8D5FEDC60383AB6653E884E8AE9E086A0258F5AA222A6F25
ibm69ubuntucve1osv4veracode1prion1debiancve1redhatcve1github1nessus6nvd1cve1cvelist1githubexploit1openvas2debian1mageia1oracle5