CVE-2020-4305

CWE-502 — Deserialization of Untrusted Data CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

8.8HIGH

EPSS

1.4%

top 19.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server IBM Infosphere Information Server ON Cloud

Timeline

PublishedJul 9

Latest updateMay 24

Description

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDibm/infosphere_information_server11.7.0.0 — 11.7.1.1+2

▶CVEListV5ibm/infosphere_information_server11.3, 11.5, 11.7+2

▶NVDibm/infosphere_information11.7.0.0 — 11.7.1.1+1

🔴Vulnerability Details

GHSA

GHSA-7r84-f4r2-q9q9: IBM InfoSphere Information Server 11↗2022-05-24

▶

CVEList

CVE-2020-4305: IBM InfoSphere Information Server 11↗2020-07-09

▶

📋Vendor Advisories

Red Hat

libsolv: Heap overflow↗2022-02-21

▶