IBM Support

PH22080: Cross-site Scripting vulnerability in WebSphere Application Server Liberty (CVE-2020-4303, CVE-2020-4304)

Download


Downloadable File

Abstract

PH22080: Cross-site Scripting vulnerability in the OAuth, OpenID Connect and SAML features in WebSphere Application Server Liberty (CVE-2020-4303, CVE-2020-4304).

Download Description

PH22080 resolves the following problem:
ERROR DESCRIPTION:
Cross-site Scripting vulnerability in WebSphere Application Server Liberty (CVE-2020-4303, CVE-2020-4304)

PROBLEM SUMMARY:
Cross-site Scripting vulnerability in WebSphere Application Server Liberty (CVE-2020-4303, CVE-2020-4304)
Affected features are samlweb-2.0, openidconnectClient-1.0, oauth-2.0, and openidConnectServer-1.0.

PROBLEM CONCLUSION:
Cross-site Scripting vulnerability in WebSphere Application Server Liberty (CVE-2020-4303, CVE-2020-4304)
For installing into a Docker application image based on Liberty images, please review: https://www-01.ibm.com/support/docview.wss?uid=ibm10961580

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

URL SIZE(Bytes)
19.0.0.12 Archive Readme 2442
19.0.0.12 Readme 2442
20.0.0.3 Archive Readme
2410
20.0.0.3 Readme 2410

Download Package

DOWNLOAD RELEASE DATE SIZE(Bytes)

DOWNLOAD Options

What is Fix Central(FC)?

190012-wlp-archive-IFPH22080 30 March 2020 3463582 FC
19.0.0.12-WS-WLP-IFPH22080 30 March 2020 3537450 FC
20003-wlp-archive-IFPH22080 30 March 2020 3467355 FC
20.0.0.3-WS-WLP-IFPH22080 30 March 2020 3541223 FC

Problems Solved

PH22080

On

Technical Support

Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

[{"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF017","label":"Mac OS"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z/OS"}],"Version":"19.0.0.12 20.0.0.3","Edition":"Liberty"}]

Document Information

Modified date:
31 March 2020

UID

ibm16129597