Spoofing Vulnerability in IBM WebSphere Application Liberty
CVE-2020-4421

5MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
6 May 2020

Summary

IBM WebSphere Application Liberty versions 19.0.0.5 through 20.0.0.4 are susceptible to a spoofing vulnerability that could allow an authenticated user utilizing OpenID Connect to impersonate another user. This can lead to unauthorized access and potential disclosure of sensitive information.

Affected Version(s)

WebSphere Application Server Liberty 20.0.0.4

WebSphere Application Server Liberty 19.0.0.5

References

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.