CVE-2020-4336

CWE-200Information Exposure3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 62.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Extreme Scale
Timeline
PublishedJan 6
Latest updateMay 24

Description

IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDibm/websphere_extreme_scale8.6.1.08.6.1.4

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-h5gp-hgjc-h2ch: IBM WebSphere eXtreme Scale 82022-05-24
CVEList
CVE-2020-4336: IBM WebSphere eXtreme Scale 82021-01-06
CVE-2020-4336 (MEDIUM CVSS 5.3) | IBM WebSphere eXtreme Scale 8.6.1 s | cvebase.io