Vulnerabilities > CVE-2020-4276 - Unspecified vulnerability in IBM Websphere Application Server

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
ibm
nessus

Summary

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.

Vulnerable Configurations

Part Description Count
Application
Ibm
145

Nessus

NASL familyWeb Servers
NASL idWEBSPHERE_CVE-2020-4276.NASL
descriptionThe IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.45, 8.0.0.0 through 8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.4. It is, therefore, affected by a privilege escalation vulnerability. The vulnerability exists in IBM WebSphere Application Server due to an unspecified reason. An authenticated, remote attacker can exploit this, via token-based authentication in an admin request over the SOAP connector, to gain privileged access to the system.
last seen2020-04-18
modified2020-04-02
plugin id135180
published2020-04-02
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/135180
titleIBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.4 Privilege Escalation (CVE-2020-4276)