WebSphere Remote Code Execution Vulnerabilities (CVE-2020-4276 and CVE-2020-4362)
Apr 15, 2020 GMT+08:00
I. Overview
IBM has recently disclosed two remote code execution vulnerabilities (CVE-2020-4276 and CVE-2020-4362) in WebSphere Application Server. The server is vulnerable to privilege escalation when token-based authentication is used in an admin request over the SOAP connector.
If you are a WebSphere user, check your systems and apply security hardening promptly.
Reference links:
https://www.ibm.com/support/pages/node/6118222
https://www.ibm.com/support/pages/node/6174417
II. Severity
Severity: important
(Severity levels: low, moderate, important, and critical)
III. Affected Products
Affected Versions:
WebSphere Application Server 7.0.x
WebSphere Application Server 8.0.x
WebSphere Application Server 8.5.x
WebSphere Application Server 9.0.x
Secure Versions:
WebSphere 8.5 series: 8.5.5.18 and later
WebSphere 9.0 series: 9.0.5.4 and later
IV. Vulnerability Handling
The WebSphere 7.0 and 8.0 series are no longer in full support. However, patches that fix these vulnerabilities are provided for the latest versions of those series (7.0.0.45 and 8.0.0.15). Upgrade the system to that version and then install the patches.
For the WebSphere 8.5 series: these vulnerabilities are fixed in 8.5.5.18 and later. If you cannot upgrade yet, install the patches now.
For the WebSphere 9.0 series: these vulnerabilities are fixed in 9.0.5.4 and later. If you cannot upgrade yet, install the patches now.
Download the patch for fixing CVE-2020-4276 at: https://www.ibm.com/support/pages/node/6118006
Download the patch for fixing CVE-2020-4362 at: https://www.ibm.com/support/pages/node/6174273
Note: Before applying the fixes, back up your files and test the change thoroughly.
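The following triage helper is an added example, not IBM's code and not part of this notice. It classifies a WebSphere Application Server version string against the affected and secure versions listed above, so that an inventory of servers can be sorted into "secure", "affected" and "not covered". It compares version components numerically, which matters here because a string comparison would wrongly rank 8.5.5.9 above 8.5.5.18. Reading the live version from each server (for example from versionInfo.sh under the WebSphere bin directory) is left to the caller; the hostnames and versions in the sample inventory are constructed for this example.

```python
"""Triage helper for CVE-2020-4276 / CVE-2020-4362 (added example, not IBM's code).

Classifies WebSphere Application Server version strings against the release
lines named in the advisory. Hostnames and versions below are constructed.
"""
from typing import Dict, List, Tuple

# Release lines from the notice. For 8.5 and 9.0 a fix pack contains the fix;
# for 7.0 and 8.0 the notice instead names the last patched level, on which the
# interim fix still has to be installed separately.
FIXED_IN = {
    (8, 5): (8, 5, 5, 18),
    (9, 0): (9, 0, 5, 4),
}
LAST_PATCHED = {
    (7, 0): (7, 0, 0, 45),
    (8, 0): (8, 0, 0, 15),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '8.5.5.9' into (8, 5, 5, 9) so comparisons are numeric, not lexical.

    Missing trailing components are padded with zeros ('8.5' -> (8, 5, 0, 0)).
    """
    parts = [int(p) for p in text.strip().split(".")]
    if not parts or len(parts) > 4:
        raise ValueError(f"unexpected WebSphere version string: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def assess(version: str) -> Tuple[str, str]:
    """Return (status, recommended action) for one version string.

    status is 'secure', 'affected' or 'unknown' (release line not in the notice).
    """
    v = parse_version(version)
    line = v[:2]
    if line in FIXED_IN:
        target = ".".join(map(str, FIXED_IN[line]))
        if v >= FIXED_IN[line]:
            return ("secure", f"fix pack {target} or later contains the fix")
        return ("affected", f"upgrade to {target} or later, or install the interim fix now")
    if line in LAST_PATCHED:
        target = ".".join(map(str, LAST_PATCHED[line]))
        if v < LAST_PATCHED[line]:
            return ("affected", f"out of full support: upgrade to {target} and install the interim fix")
        # At the last patched level the version string alone cannot tell us
        # whether the interim fix has been installed, so treat it as open work.
        return ("affected", f"out of full support: confirm the interim fix for {target} is installed")
    return ("unknown", "release line not covered by this notice; check IBM's bulletin")


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str, str]]:
    """Return (host, version, status, action) for every host that still needs action."""
    rows = []
    for host, version in sorted(inventory.items()):
        status, action = assess(version)
        if status != "secure":
            rows.append((host, version, status, action))
    return rows


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "was-prod-01": "9.0.5.4",     # secure
    "was-prod-02": "9.0.5.3",     # one fix pack short
    "was-legacy-01": "8.5.5.9",   # string compare would wrongly call this newer than 8.5.5.18
    "was-legacy-02": "8.5.5.18",  # secure
    "was-eol-01": "7.0.0.43",     # below the last patched 7.0 level
    "was-eol-02": "8.0.0.15",     # at the last patched 8.0 level, interim fix still required
}

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("{:<14} {:<10} {:<9} {}".format(*row))
```

Run the file directly to print the hosts that still need work; import it to reuse assess() in your own inventory tooling. Servers at 7.0.0.45 or 8.0.0.15 are reported as affected on purpose, because the version number alone does not prove the interim fix is present.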