CVE-2020-4286

CWE-352 — Cross-Site Request Forgery (CSRF)CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 74.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server IBM Infosphere Information Server ON Cloud

Timeline

PublishedMay 19

Latest updateMay 24

Description

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5ibm/infosphere_information_server11.3, 11.5, 11.7+2

▶NVDibm/infosphere_information_server11.3

▶NVDibm/infosphere_information11.5, 11.7+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-6f2w-97m7-p3vw: IBM InfoSphere Information Server 11↗2022-05-24

▶

CVEList

CVE-2020-4286: IBM InfoSphere Information Server 11↗2020-05-19

▶

📋Vendor Advisories

Red Hat

libsolv: Heap overflow↗2022-02-21

▶