{"api_version":"1","generated_at":"2026-07-04T07:47:21+00:00","cve":"CVE-2020-4336","urls":{"html":"https://cve.report/CVE-2020-4336","api":"https://cve.report/api/cve/CVE-2020-4336.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-4336","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-4336"},"summary":{"title":"CVE-2020-4336","description":"IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2021-01-06 13:15:00","updated_at":"2021-01-11 16:25:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://www.ibm.com/support/pages/node/6397682","name":"https://www.ibm.com/support/pages/node/6397682","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Security Bulletin: Vulnerability in IBM WebSphere eXtreme Scale Liberty Deployment could expose sensitive information.","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/177932","name":"ibm-websphere-cve20204336-info-disc (177932)","refsource":"XF","tags":["VDB Entry","Vendor Advisory"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-4336","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-4336","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"4336","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_extreme_scale","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"4336","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_extreme_scale","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_format":"MITRE","affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"version":{"version_data":[{"version_value":"8.6.1"}]},"product_name":"WebSphere eXtreme Scale"}]}}]}},"data_type":"CVE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Obtain Information"}]}]},"data_version":"4.0","description":{"description_data":[{"value":"IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932.","lang":"eng"}]},"impact":{"cvssv3":{"TM":{"RC":"C","E":"U","RL":"O"},"BM":{"PR":"N","AC":"H","A":"N","S":"U","AV":"N","C":"L","I":"N","UI":"N","SCORE":"3.700"}}},"references":{"reference_data":[{"title":"IBM Security Bulletin 6397682 (WebSphere eXtreme Scale)","url":"https://www.ibm.com/support/pages/node/6397682","refsource":"CONFIRM","name":"https://www.ibm.com/support/pages/node/6397682"},{"refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/177932","title":"X-Force Vulnerability Report","name":"ibm-websphere-cve20204336-info-disc (177932)"}]},"CVE_data_meta":{"STATE":"PUBLIC","DATE_PUBLIC":"2021-01-05T00:00:00","ASSIGNER":"psirt@us.ibm.com","ID":"CVE-2020-4336"}},"nvd":{"publishedDate":"2021-01-06 13:15:00","lastModifiedDate":"2021-01-11 16:25:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:websphere_extreme_scale:*:*:*:*:*:*:*:*","versionStartIncluding":"8.6.1.0","versionEndExcluding":"8.6.1.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"4336","Ordinal":"164364","Title":"CVE-2020-4336","CVE":"CVE-2020-4336","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"4336","Ordinal":"1","NoteData":"IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"4336","Ordinal":"2","NoteData":"2021-01-06","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"4336","Ordinal":"3","NoteData":"2021-01-06","Type":"Other","Title":"Modified"}]}}}