CVE-2020-4590

Description

IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.

CVSS breakdown

CVSS 3.0

Scope

Unchanged

User Interaction

None

Attack Complexity

High

Confidentiality

None

Privileges Required

Low

Integrity

None

Attack Vector

Network

Availability

High

Changed

Unchanged

Affected products

ibm / websphere_application_server___liberty17.0.0.3 – 17.0.0.3
ibm / websphere_application_server___liberty20.0.0.9 – 20.0.0.9

References

MISChttps://www.ibm.com/support/pages/node/6333623
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/184650