CVE-2020-4365Server-Side Request Forgery in IBM Websphere Application Server

CWE-918Server-Side Request Forgery4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 74.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedMay 14
Latest updateMay 24

Description

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDibm/websphere_application_server8.5.0.08.5.5.17

🔴Vulnerability Details

3
GHSA
GHSA-8cw6-v85x-2m9p: IBM WebSphere Application Server 82022-05-24
OSV
bind9 vulnerabilities2020-05-20
CVEList
CVE-2020-4365: IBM WebSphere Application Server 82020-05-14
CVE-2020-4365 — Server-Side Request Forgery in IBM | cvebase