Sign-up

ID

VAR-202004-1752


CVE

CVE-2020-4303


TITLE

IBM WebSphere Application Server - Liberty Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003564

DESCRIPTION

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176668. Vendor exploits this vulnerability IBM X-Force ID: 176668 It is published as.Information may be obtained and tampered with. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code

Trust: 2.25

sources: NVD: CVE-2020-4303 // JVNDB: JVNDB-2020-003564 // CNVD: CNVD-2020-22194 // VULMON: CVE-2020-4303

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22194

AFFECTED PRODUCTS

vendor:ibmmodel:websphere application serverscope:gteversion:17.0.0.3

Trust: 1.0

vendor:ibmmodel:websphere application serverscope:lteversion:20.0.0.3

Trust: 1.0

vendor:ibmmodel:websphere application serverscope:eqversion:17.0.0.3 から 20.0.0.3

Trust: 0.8

vendor:ibmmodel:websphere application server libertyscope:gteversion:17.0.0.3,<=20.0.0.3

Trust: 0.6

sources: CNVD: CNVD-2020-22194 // JVNDB: JVNDB-2020-003564 // NVD: CVE-2020-4303

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-4303
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2020-4303
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003564
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-22194
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-1742
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-4303
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-4303
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-003564
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-22194
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-4303
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

psirt@us.ibm.com: CVE-2020-4303
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-003564
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22194 // VULMON: CVE-2020-4303 // JVNDB: JVNDB-2020-003564 // CNNVD: CNNVD-202003-1742 // NVD: CVE-2020-4303 // NVD: CVE-2020-4303

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2020-003564 // NVD: CVE-2020-4303

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1742

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-1742

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003564

PATCH
title:6147195url:https://www.ibm.com/support/pages/node/6147195
Trust: 0.8
title:ibm-websphere-cve20204303-xss (176668)url:https://exchange.xforce.ibmcloud.com/vulnerabilities/176668
Trust: 0.8
title:Patch for IBM WebSphere Application Server Liberty cross-site scripting vulnerability (CNVD-2020-22194)url:https://www.cnvd.org.cn/patchInfo/show/213101
Trust: 0.6
title:IBM WebSphere Application Server Liberty Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115374
Trust: 0.6
title:Red Hat: Moderate: Open Liberty 20.0.0.4 Runtime security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201428 - Security Advisory
Trust: 0.1
title:IBM: Security Bulletin:  Websphere Application Server Liberty vulnerabilities used by IBM Streamsurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3b8ffe02148f1db99a0e458cbaf7c612
Trust: 0.1
title:IBM: Security Bulletin:  Vulnerabilities in IBM WebSphere Liberty affects IBM Waston Machine Learning Acceleratorurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=a24e06700e95b219544a9d80f5852dcc
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-22194 // 
            
            
            
            VULMON: CVE-2020-4303 // 
            
            
            
            JVNDB: JVNDB-2020-003564 // 
            
            
            
            CNNVD: CNNVD-202003-1742

EXTERNAL IDS
db:NVDid:CVE-2020-4303
Trust: 3.1
db:JVNDBid:JVNDB-2020-003564
Trust: 0.8
db:CNVDid:CNVD-2020-22194
Trust: 0.6
db:NSFOCUSid:47978
Trust: 0.6
db:AUSCERTid:ESB-2020.1298
Trust: 0.6
db:AUSCERTid:ESB-2020.1283
Trust: 0.6
db:AUSCERTid:ESB-2020.2213
Trust: 0.6
db:AUSCERTid:ESB-2020.1732.2
Trust: 0.6
db:AUSCERTid:ESB-2020.1732
Trust: 0.6
db:AUSCERTid:ESB-2020.1161
Trust: 0.6
db:CNNVDid:CNNVD-202003-1742
Trust: 0.6
db:VULMONid:CVE-2020-4303
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-22194 // 
            
            
            
            VULMON: CVE-2020-4303 // 
            
            
            
            JVNDB: JVNDB-2020-003564 // 
            
            
            
            CNNVD: CNNVD-202003-1742 // 
            
            
            
            NVD: CVE-2020-4303

REFERENCES
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/176668
Trust: 1.8
url:https://www.ibm.com/support/pages/node/6147195
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-4303
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4303
Trust: 0.8
url:https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-cve-2020-4303-cve-2020-4304/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilities-has-been-identified-in-websphere-liberty-profile-shipped-with-ibm-license-metric-tool-v9/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-performance-management-product/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-affected-by-two-websphere-application-server-vulnerabilities/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47978
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-network-deployment-security-vulnerabilities-in-ibm-content-foundation-on-cloud-2/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-liberty-affects-ibm-waston-machine-learning-accelerator/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2213/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-ibm-websphere-application-server-affects-ibm-voice-gateway-2/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-that-affects-liberty-for-java-for-ibm-cloud-cve-2020-4303-cve-2020-4304/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1732.2/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-vulnerabilities-used-by-ibm-streams-3/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1283/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1161/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation-2/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-ibm-websphere-application-server-liberty-vulnerabilities-cve-2020-4303-cve-2020-4304/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-websphere-liberty-server-wlp-affects-ibm-cloud-application-business-insights/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1298/
Trust: 0.6
url:http-server-and-ibm-websphere-application-server-used-in-ibm-websphere-application-server-in-ibm-cloud/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1732/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-speech-icp-websphere-application-server-liberty-fix-5/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-xss-vulnerabilities-affect-ibm-control-center-cve-2020-4303-cve-2020-4304/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-cve-2020-4303-cve-2020-4304-2/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:1428
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-22194 // 
            
            
            
            VULMON: CVE-2020-4303 // 
            
            
            
            JVNDB: JVNDB-2020-003564 // 
            
            
            
            CNNVD: CNNVD-202003-1742 // 
            
            
            
            NVD: CVE-2020-4303

SOURCES
db:CNVDid:CNVD-2020-22194
db:VULMONid:CVE-2020-4303
db:JVNDBid:JVNDB-2020-003564
db:CNNVDid:CNNVD-202003-1742
db:NVDid:CVE-2020-4303

LAST UPDATE DATE
2024-08-14T13:24:36.500000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-22194date:2020-04-09T00:00:00
db:VULMONid:CVE-2020-4303date:2020-04-02T00:00:00
db:JVNDBid:JVNDB-2020-003564date:2020-04-20T00:00:00
db:CNNVDid:CNNVD-202003-1742date:2021-03-01T00:00:00
db:NVDid:CVE-2020-4303date:2020-04-02T21:00:48.317

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-22194date:2020-04-09T00:00:00
db:VULMONid:CVE-2020-4303date:2020-04-02T00:00:00
db:JVNDBid:JVNDB-2020-003564date:2020-04-20T00:00:00
db:CNNVDid:CNNVD-202003-1742date:2020-03-31T00:00:00
db:NVDid:CVE-2020-4303date:2020-04-02T15:15:17.717