CVE-2020-4421

Description

IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084.

CVSS breakdown

CVSS 3.0

Availability

Low

Integrity

Low

Attack Vector

Network

Attack Complexity

High

Scope

Unchanged

Confidentiality

Low

Privileges Required

Low

User Interaction

None

Unchanged

Changed

Affected products

ibm / websphere_application_server___liberty20.0.0.4 – 20.0.0.4
ibm / websphere_application_server___liberty19.0.0.5 – 19.0.0.5

References

MISChttps://www.ibm.com/support/pages/node/6205926
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/180084