What is the severity of CVE-2020-4276?

CVE-2020-4276 has been classified with a high severity rating due to its potential for privilege escalation.

How do I fix CVE-2020-4276?

To fix CVE-2020-4276, you should apply the latest security patches provided by IBM for affected versions of WebSphere Application Server.

Which versions of IBM WebSphere Application Server are affected by CVE-2020-4276?

CVE-2020-4276 affects IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 up to their respective latest fix packs.

What type of vulnerability is CVE-2020-4276?

CVE-2020-4276 is a privilege escalation vulnerability that can occur when using token-based authentication over the SOAP connector.

Is CVE-2020-4276 a critical vulnerability in WebSphere Application Server?

Yes, CVE-2020-4276 is considered critical as it allows unauthorized access to administrative functionalities when exploited.

Vulnerability/
CVE-2020-4276

high

7.5

25/3/2020

26/3/2020

17/9/2024

CVE-2020-4276

First published: Wed Mar 25 2020(Updated: )

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Application Server	<=9.0
IBM WebSphere Application Server	<=7.0
IBM WebSphere Application Server	<=8.0
IBM WebSphere Application Server	<=8.5
IBM WebSphere Application Server	>=7.0.0.0<=7.0.0.45
IBM WebSphere Application Server	>=8.0.0.0<=8.0.0.15
IBM WebSphere Application Server	>=8.5.0.0<=8.5.5.17
IBM WebSphere Application Server	>=9.0.0.0<=9.0.5.3

Remedy

https://www.ibm.com/support/pages/node/6118222

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6118222

Frequently Asked Questions

What is the severity of CVE-2020-4276?
CVE-2020-4276 has been classified with a high severity rating due to its potential for privilege escalation.
How do I fix CVE-2020-4276?
To fix CVE-2020-4276, you should apply the latest security patches provided by IBM for affected versions of WebSphere Application Server.
Which versions of IBM WebSphere Application Server are affected by CVE-2020-4276?
CVE-2020-4276 affects IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 up to their respective latest fix packs.
What type of vulnerability is CVE-2020-4276?
CVE-2020-4276 is a privilege escalation vulnerability that can occur when using token-based authentication over the SOAP connector.
Is CVE-2020-4276 a critical vulnerability in WebSphere Application Server?
Yes, CVE-2020-4276 is considered critical as it allows unauthorized access to administrative functionalities when exploited.

agent/references
agent/type
agent/first-publish-date
agent/remedy
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/ibm
canonical/ibm websphere application server
version/ibm websphere application server/9.0
version/ibm websphere application server/7.0
version/ibm websphere application server/8.0
version/ibm websphere application server/8.5
version/ibm websphere application server/7.0.0.0
version/ibm websphere application server/7.0.0.45
version/ibm websphere application server/8.0.0.0
version/ibm websphere application server/8.0.0.15
version/ibm websphere application server/8.5.0.0
version/ibm websphere application server/8.5.5.17
version/ibm websphere application server/9.0.0.0
version/ibm websphere application server/9.0.5.3