Denial of Service Vulnerability in IBM WebSphere Application Server Liberty
CVE-2020-4590

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Application Server Liberty
Vendor: CVE Published:; 21 September 2020

Summary

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 20.0.0.9 are susceptible to a denial of service attack. This vulnerability can be exploited by an authenticated client leveraging the oauth-2.0 or openidConnectServer-1.0 server features, leading to potential service disruptions.

Affected Version(s)

WebSphere Application Server Liberty 17.0.0.3

WebSphere Application Server Liberty 20.0.0.9

References

https://www.ibm.com/support/pages/node/6333623

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/184650

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 21, 2020
Vulnerability Reserved
Dec 30, 2019