CVE-2020-4629Information Exposure via Error Message in IBM Websphere Application Server

CWE-209Information Exposure via Error Message4 documents4 sources
Severity
3.3LOWNVD
EPSS
0.0%
top 87.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedSep 30
Latest updateMay 24

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDibm/websphere_application_server7.0.0.07.0.0.45+3
CVEListV5ibm/websphere_application_server4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-2vj7-qv54-wqmr: IBM WebSphere Application Server 72022-05-24
CVEList
CVE-2020-4629: IBM WebSphere Application Server 72020-09-30

💬Community

1
Bugzilla
CVE-2019-2126 libvpx: Double free in ParseContentEncodingEntry() in mkvparser.cc2020-01-08
CVE-2020-4629 — Information Exposure via Error Message | cvebase