## Summary
IBM WebSphere Application Server 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.
## Vulnerability Details
**CVEID:** CVE-2020-4276
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/175984 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
## Affected Products and Versions
Affected Product(s) | Version(s)
---|---
InfoSphere Master Data Management | 11.6
## Remediation/Fixes
**Principal Product and Version(s)** | **Affected Supporting Product and Version** | **Affected Supporting Product Security Bulletin**
---|---|---
InfoSphere Master Data Management 11.6 | IBM WebSphere Application Server version 9.0 | Security Bulletin: WebSphere Application Server is vulnerable to a Server-side Request Forgery vulnerability (CVE-2021-20480)
## Workarounds and Mitigations
None