CVE-2020-4276

HIGH

IBM WebSphere Application Server 7.0.0.0-7.0.0.45 - Privilege Escalation via SOAP Connector Token-Based Authentication

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-4276. PoCs published by mekoko.

AI-analyzed exploit summary This script scans for CVE-2020-4276 by checking for a 500 status code, SOAP content, and specific WebSphere server headers. It does not exploit the vulnerability but identifies potentially vulnerable targets.

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.

Exploits (1)

nomisec SCANNER 6 stars

by mekoko · poc

https://github.com/mekoko/CVE-2020-4276

View Code ZIP pw:eip

This script scans for CVE-2020-4276 by checking for a 500 status code, SOAP content, and specific WebSphere server headers. It does not exploit the vulnerability but identifies potentially vulnerable targets.

Classification

Scanner 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: IBM WebSphere Application Server 7/8/9

No auth needed

Prerequisites: List of target IPs in 'ip.txt'

MITRE ATT&CK

T1595 - Active Scanning

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_confirm

https://www.ibm.com/support/pages/node/6118222

VDB Entry, Vendor Advisory vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/175984

Scores

CVSS v3 7.5

EPSS 0.0043

EPSS Percentile 62.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

ibm/websphere_application_server 7.0.0.0 - 7.0.0.45

Published Mar 26, 2020

Tracked Since Feb 18, 2026