CVE-2020-4534Improper Privilege Management in IBM Websphere Application Server

CWE-269Improper Privilege Management3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 79.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedAug 3
Latest updateMay 24

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

CVEListV5ibm/websphere_application_server4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-69gj-p4vx-w4jg: IBM WebSphere Application Server 72022-05-24
CVEList
CVE-2020-4534: IBM WebSphere Application Server 72020-08-03
CVE-2020-4534 — Improper Privilege Management in IBM | cvebase