CVE-2020-4336: Infoleak
First published: Tue Jan 05 2021(Updated: )
IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere eXtreme Scale | >=8.6.1.0<8.6.1.4 | |
| <=8.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-4336?
The severity of CVE-2020-4336 is rated as medium with a CVSS score of 5.3.
How can I mitigate the risk associated with CVE-2020-4336?
To mitigate the risk associated with CVE-2020-4336, ensure that sensitive information is not stored in URL parameters and restrict access to URLs in server logs, referrer headers, and browser history.
What software is affected by CVE-2020-4336?
IBM WebSphere eXtreme Scale version 8.6.1 is affected by CVE-2020-4336.
Is there a reference link for CVE-2020-4336?
Yes, you can find more information about CVE-2020-4336 at the IBM X-Force ID: 177932 and through the IBM support page.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm websphere extreme scale
- version/ibm websphere extreme scale/8.6.1.0
- version/ibm websphere extreme scale/8.6.1