I. Overview

IBM WebSphere has recently disclosed two remote code execution vulnerabilities (CVE-2020-4276 and CVE-2020-4362) existing in WebSphere Application Server, which is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector.

If you are a WebSphere user, check your system and implement timely security hardening.

Reference links:

https://www.ibm.com/support/pages/node/6118222

https://www.ibm.com/support/pages/node/6174417

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Affected Versions:

WebSphere Application Server 7.0.x

WebSphere Application Server 8.0.x

WebSphere Application Server 8.5.x

WebSphere Application Server 9.0.x

Secure Versions:

WebSphere 8.5 series: 8.5.5.18 and later

WebSphere 9.0 series: 9.0.5.4 and later

IV. Vulnerability Handling

WebSphere 7.0 and 8.0 series are no longer in full support. However, patches are provided in the latest versions (7.0.0.45 and 8.0.0.15) to fix the vulnerabilities. You can upgrade the system to the latest version and install the patches to fix vulnerabilities.

For WebSphere 8.5 series: This vulnerability will be fixed in 8.5.5.18 or later. You can install patches before the upgrade is available.

For WebSphere 9.0 series: This vulnerability will be fixed in 9.0.5.4 or later. You can install patches before the upgrade is available.

Download the patch for fixing CVE-2020-4276 at: https://www.ibm.com/support/pages/node/6118006

Download the patch for fixing CVE-2020-4362 at: https://www.ibm.com/support/pages/node/6174273

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.