## Summary
IBM WebSphere Application Server 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.
## Vulnerability Details
** CVEID: **[CVE-2020-4276]()
** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175984]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
## Affected Products and Versions
Affected Product(s)| Version(s)
—|—
InfoSphere Master Data Management| 11.6
## Remediation/Fixes
**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin**
—|—|—
InfoSphere Master Data Management 11.6| IBM WebSphere Application Server version 9.0|
[Security Bulletin: WebSphere Application Server is vulnerable to a Server-side Request Forgery vulnerability (CVE-2021-20480)]( “Security Bulletin: WebSphere Application Server is vulnerable to a Server-side Request Forgery vulnerability (CVE-2021-20480)” )
## Workarounds and Mitigations
None