What is CVE-2020-4305?

CVE-2020-4305 is a vulnerability in IBM InfoSphere Information Server that allows a remote attacker to execute arbitrary code on the system.

How does CVE-2020-4305 occur?

CVE-2020-4305 occurs due to the deserialization of untrusted data in IBM InfoSphere Information Server.

What is the severity of CVE-2020-4305?

CVE-2020-4305 has a severity level of 8.8 (Critical).

Which versions of IBM InfoSphere Information Server are affected by CVE-2020-4305?

IBM InfoSphere Information Server versions 11.3, 11.5, and earlier 11.7 releases up to 11.7.1.1 are affected by CVE-2020-4305.

How can CVE-2020-4305 be exploited?

CVE-2020-4305 can be exploited by persuading a victim to visit a specially crafted website.

Vulnerability/
CVE-2020-4305

critical

9.3

CWE

502

8/7/2020

4/8/2024

CVE-2020-4305

First published: Wed Jul 08 2020(Updated: )

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Infosphere Information Server	>=11.7.0.0<=11.7.1.1
Ibm Infosphere Information Server	=11.3.0
Ibm Infosphere Information Server	=11.5.0
Ibm Infosphere Information Server On Cloud	>=11.7.0.0<=11.7.1.1
Ibm Infosphere Information Server On Cloud	=11.5.0.0
	<=11.7.1.1 and earlier 11.7 releases
	<=11.5
	<=11.3

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6244664

Frequently Asked Questions

What is CVE-2020-4305?
CVE-2020-4305 is a vulnerability in IBM InfoSphere Information Server that allows a remote attacker to execute arbitrary code on the system.
How does CVE-2020-4305 occur?
CVE-2020-4305 occurs due to the deserialization of untrusted data in IBM InfoSphere Information Server.
What is the severity of CVE-2020-4305?
CVE-2020-4305 has a severity level of 8.8 (Critical).
Which versions of IBM InfoSphere Information Server are affected by CVE-2020-4305?
IBM InfoSphere Information Server versions 11.3, 11.5, and earlier 11.7 releases up to 11.7.1.1 are affected by CVE-2020-4305.
How can CVE-2020-4305 be exploited?
CVE-2020-4305 can be exploited by persuading a victim to visit a specially crafted website.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/severity
agent/author
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm infosphere information server
version/ibm infosphere information server/11.7.0.0
version/ibm infosphere information server/11.7.1.1
version/ibm infosphere information server/11.3.0
version/ibm infosphere information server/11.5.0
canonical/ibm infosphere information server on cloud
version/ibm infosphere information server on cloud/11.7.0.0
version/ibm infosphere information server on cloud/11.7.1.1
version/ibm infosphere information server on cloud/11.5.0.0
canonical/ibm infosphere information server, information server on cloud
version/ibm infosphere information server, information server on cloud/11.7.1.1 and earlier 11.7 releases
version/ibm infosphere information server, information server on cloud/11.5
version/ibm infosphere information server/11.3