Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM005363E4530755E27EAC7DBD28620D51EF1C1AAA46B11E8D2B5DBA6A96075139
HistoryDec 20, 2019 - 6:54 p.m.

Security Bulletin: Vulnerability in embedded IBM Websphere Application Server Liberty affects IBM Watson Compare and Comply for IBM Cloud Pak for Data

2019-12-2018:54:53
www.ibm.com
6

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Summary

A vulnerability in the IBM WebSphere Application Server Liberty embedded in IBM Watson Compare and Comply for IBM Cloud Pak for Data could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie.

Vulnerability Details

CVEID:CVE-2019-4305
**DESCRIPTION:**IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160951 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Watson Compare and Comply for IBM Cloud Pak for Data V1.0.0-V1.1.6

Remediation/Fixes

Upgrade to IBM Watson Compare and Comply for IBM Cloud Pak for Data 1.1.7. To download the software, go to Passport Advantage, then search for โ€œwatson compare and comply for ICP for Dataโ€, then select IBM Watson Compare and Comply for ICP for Data V1.1.7 Linux English , part number CC4U4EN.

Workarounds and Mitigations

None

Related

ibm 38
cvelist 1
cve 1
prion 1
ibm
ibm
Security Bulletin: Novalink is impacted by Multiple vulnerabilities in WebSphere Application Server Liberty
2020-07-22 19:40:25
Security Bulletin: Cookie created without secure flag WAS Liberty (CVE-2019-4305)
2020-05-22 17:44:41
Security Bulletin: Information disclosure in WebSphere Application Server Liberty bundled with IBM Operations Analytics - Log Analysis (CVE-2019-4305)
2020-02-14 11:57:05
cvelist
cvelist
CVE-2019-4305
2019-09-26 00:00:00
cve
cve
CVE-2019-4305
2019-09-30 16:15:00
prion
prion
Information disclosure
2019-09-30 16:15:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON
Related for 005363E4530755E27EAC7DBD28620D51EF1C1AAA46B11E8D2B5DBA6A96075139
ibm38cvelist1cve1prion1