CVE-2020-4305 : IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote atta

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677.

Published 2020-07-09 19:15:12

Updated 2020-07-17 13:18:32

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2020-4305

IBM » Infosphere Information Server
Versions from including (>=) 11.7.0.0 and up to, including, (<=) 11.7.1.1
cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*
Matching versions
IBM » Infosphere Information Server » Version: 11.3.0
cpe:2.3:a:ibm:infosphere_information_server:11.3.0:*:*:*:*:*:*:*
Matching versions
IBM » Infosphere Information Server » Version: 11.5.0
cpe:2.3:a:ibm:infosphere_information_server:11.5.0:*:*:*:*:*:*:*
Matching versions
IBM » Infosphere Information Server On Cloud
Versions from including (>=) 11.7.0.0 and up to, including, (<=) 11.7.1.1
cpe:2.3:a:ibm:infosphere_information_server_on_cloud:*:*:*:*:*:*:*:*
Matching versions
IBM » Infosphere Information Server On Cloud » Version: 11.5.0.0
cpe:2.3:a:ibm:infosphere_information_server_on_cloud:11.5.0.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-4305

EPSS FAQ

1.85%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-4305

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.1	HIGH	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	2.2	5.9	IBM Corporation
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-4305

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-4305

https://www.ibm.com/support/pages/node/6244664

Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution vulnerability
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/176677

IBM InfoSphere Information Server code execution CVE-2020-4305 Vulnerability Report
VDB Entry;Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-4305

Products affected by CVE-2020-4305

Exploit prediction scoring system (EPSS) score for CVE-2020-4305

CVSS scores for CVE-2020-4305

CWE ids for CVE-2020-4305

References for CVE-2020-4305