CVE-2020-4305 - Vulnerability Details

Vendors	Products
Ibm	Infosphere Information Server Infosphere Information Server On Cloud

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/176677
https://www.ibm.com/support/pages/node/6244664

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "InfoSphere Information Server", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.3"}, {"status": "affected", "version": "11.5"}, {"status": "affected", "version": "11.7"}]}], "datePublic": "2020-07-08T00:00:00", "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.1, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/AV:N/I:H/S:U/PR:N/UI:N/A:H/C:H/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-09T19:05:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6244664"}, {"name": "ibm-infosphere-cve20204305-code-exec (176677)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176677"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-07-08T00:00:00", "ID": "CVE-2020-4305", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "InfoSphere Information Server", "version": {"version_data": [{"version_value": "11.3"}, {"version_value": "11.5"}, {"version_value": "11.7"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "H", "AV": "N", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Privileges"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6244664", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6244664 (InfoSphere Information Server)", "url": "https://www.ibm.com/support/pages/node/6244664"}, {"name": "ibm-infosphere-cve20204305-code-exec (176677)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176677"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:00:07.340Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6244664"}, {"name": "ibm-infosphere-cve20204305-code-exec (176677)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176677"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4305", "datePublished": "2020-07-09T19:05:20.949636Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T19:51:22.944Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : InfoSphere Information Server (string)

vendor : IBM (string)

versions : [ »

0 : { »

status : affected (string)

version : 11.3 (string)

}

1 : { »

status : affected (string)

version : 11.5 (string)

}

2 : { »

status : affected (string)

version : 11.7 (string)

}

]

}

]

datePublic : 2020-07-08T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677. (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.1 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

exploitCodeMaturity : UNPROVEN (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

remediationLevel : OFFICIAL_FIX (string)

reportConfidence : CONFIRMED (string)

scope : UNCHANGED (string)

temporalScore : 7.1 (number)

temporalSeverity : HIGH (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AC:H/AV:N/I:H/S:U/PR:N/UI:N/A:H/C:H/E:U/RC:C/RL:O (string)

version : 3.0 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Gain Privileges (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-07-09T19:05:20 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.ibm.com/support/pages/node/6244664 (string)

}

1 : { »

name : ibm-infosphere-cve20204305-code-exec (176677) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/176677 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

DATE_PUBLIC : 2020-07-08T00:00:00 (string)

ID : CVE-2020-4305 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : InfoSphere Information Server (string)

version : { »

version_data : [ »

0 : { »

version_value : 11.3 (string)

}

1 : { »

version_value : 11.5 (string)

}

2 : { »

version_value : 11.7 (string)

}

]

}

]

}

vendor_name : IBM (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677. (string)

}

]

}

impact : { »

cvssv3 : { »

BM : { »

A : H (string)

AC : H (string)

AV : N (string)

C : H (string)

I : H (string)

PR : N (string)

S : U (string)

UI : N (string)

}

TM : { »

E : U (string)

RC : C (string)

RL : O (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Gain Privileges (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.ibm.com/support/pages/node/6244664 (string)

refsource : CONFIRM (string)

title : IBM Security Bulletin 6244664 (InfoSphere Information Server) (string)

url : https://www.ibm.com/support/pages/node/6244664 (string)

}

1 : { »

name : ibm-infosphere-cve20204305-code-exec (176677) (string)

refsource : XF (string)

title : X-Force Vulnerability Report (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/176677 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T08:00:07.340Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.ibm.com/support/pages/node/6244664 (string)

}

1 : { »

name : ibm-infosphere-cve20204305-code-exec (176677) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/176677 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2020-4305 (string)

datePublished : 2020-07-09T19:05:20.949636Z (string)

dateReserved : 2019-12-30T00:00:00 (string)

dateUpdated : 2024-09-16T19:51:22.944Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6504B23-3851-4FCC-AC0F-C8473FF19955", "versionEndIncluding": "11.7.1.1", "versionStartIncluding": "11.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C597CCD-F665-4F71-A75C-45F8A928975B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2709CD81-06EC-4830-835E-C0AFD74236A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server_on_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B069560-A297-4310-8D88-D5C8C0176292", "versionEndIncluding": "11.7.1.1", "versionStartIncluding": "11.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server_on_cloud:11.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B129A28-6A8D-4822-8503-7BDF2F3ED730", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677."}, {"lang": "es", "value": "IBM InfoSphere Information Server versiones 11.3, 11.5 y 11.7, podr\u00eda permitir a un atacante remoto ejecutar c\u00f3digo arbitrario en el sistema, causado por la deserializaci\u00f3n de datos no confiables. Al persuadir a una v\u00edctima para que visite un sitio web especialmente dise\u00f1ado, un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema. IBM X-Force ID: 176677"}], "id": "CVE-2020-4305", "lastModified": "2024-11-21T05:32:33.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-09T19:15:11.820", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176677"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6244664"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6244664"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A6504B23-3851-4FCC-AC0F-C8473FF19955 (string)

versionEndIncluding : 11.7.1.1 (string)

versionStartIncluding : 11.7.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:infosphere_information_server:11.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7C597CCD-F665-4F71-A75C-45F8A928975B (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:infosphere_information_server:11.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 2709CD81-06EC-4830-835E-C0AFD74236A6 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:infosphere_information_server_on_cloud:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4B069560-A297-4310-8D88-D5C8C0176292 (string)

versionEndIncluding : 11.7.1.1 (string)

versionStartIncluding : 11.7.0.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ibm:infosphere_information_server_on_cloud:11.5.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 3B129A28-6A8D-4822-8503-7BDF2F3ED730 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677. (string)

}

1 : { »

lang : es (string)

value : IBM InfoSphere Information Server versiones 11.3, 11.5 y 11.7, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, causado por la deserialización de datos no confiables. Al persuadir a una víctima para que visite un sitio web especialmente diseñado, un atacante podría aprovechar esta vulnerabilidad para ejecutar código arbitrario en el sistema. IBM X-Force ID: 176677 (string)

}

]

id : CVE-2020-4305 (string)

lastModified : 2024-11-21T05:32:33.680 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9.3 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.1 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.2 (number)

impactScore : 5.9 (number)

source : psirt@us.ibm.com (string)

type : Secondary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-07-09T19:15:11.820 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : VDB Entry (string)

1 : Vendor Advisory (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/176677 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.ibm.com/support/pages/node/6244664 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : VDB Entry (string)

1 : Vendor Advisory (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/176677 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.ibm.com/support/pages/node/6244664 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-502 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object