Medium Severity

Security Bulletin: Potential spoofing attack in Liberty for Java (CVE-2020-4421)

Share this post:

IBM WebSphere Application Server Liberty using openidConnectServer feature could allow spoofing identity by an authenticated user. This has been addressed.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Liberty for Java 3.44

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6220578

More stories

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ (CVE-2019-17495)

Jul 11, 2020 8:00 pm EDT | Medium Severity

There is a Swagger vulnerability that affects WebSphere Application Server Liberty shipped with IBM StoredIQ. ...read more



Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ InstaScan (CVE-2019-17495)

Jul 10, 2020 8:00 pm EDT | Medium Severity

There is a Swagger vulnerability that affects WebSphere Application Server Liberty shipped with IBM StoredIQ InstaScan. ...read more