Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM089B564037CD6CBF124F570A0074A8E6C37E90240BCF8C5297D2EBD444E34F18
HistoryFeb 24, 2020 - 3:20 p.m.

Security Bulletin: Vulnerabilities in WebSphere Application Server Liberty affect DOORS Next Generation (DNG/RRC)

2020-02-2415:20:04
www.ibm.com
15

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

There are vulnerabilities in IBM WebSphere Application Server Liberty that affect DOORS Next Generation(DNG/RRC).

Vulnerability Details

Refer to the security bulletins(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
RDNG 6.0.2
DNG 6.0.6
DNG 6.0.6.1
RDNG 6.0.6.1
RDNG 6.0.6
DNG 6.0.2

Remediation/Fixes

The IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version, some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published.

For CLM applications version 6.0 to 6.0.6.1 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:

Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2019-4663)

Security Bulletin: Swagger vulnerability affects WebSphere Application Server Liberty (CVE-2019-17495)

Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-12406)

Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)

Workarounds and Mitigations

None

Related

ibm 146
redhat 7
nessus 3
osv 4
githubexploit 1
veracode 2
github 2
prion 4
cve 4
redhatcve 1
oracle 7
ibm
ibm
Security Bulletin: Vulnerabilities in WebSphere Application Server Liberty affect IBM Jazz technology
2021-04-28 18:35:50
Security Bulletin: Swagger vulnerability affects WebSphere Application Server Liberty bundled with IBM WebSphere Application Server Patterns (CVE-2019-17495)
2020-01-22 16:27:51
Security Bulletin: Vulnerabilities in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
2020-04-28 18:31:41
redhat
redhat
(RHSA-2020:0556) Important: Open Liberty 20.0.0.2 Runtime security update
2020-02-19 20:46:32
(RHSA-2020:0192) Moderate: Open Liberty 20.0.0.1 Runtime security update
2020-01-21 17:25:54
(RHSA-2019:4117) Moderate: Open Liberty 19.0.0.12 Runtime security update
2019-12-09 15:15:03
nessus
nessus
Oracle Primavera Gateway (Oct 2020 CPU)
2020-10-22 00:00:00
IBM WebSphere Application Server Denial of Service (CVE-2019-4720)
2020-02-07 00:00:00
IBM WebSphere Application Server 9.0.x < 9.0.5.3 DoS (CVE-2019-12406)
2020-10-20 00:00:00
osv
osv
Cross-site scripting in Swagger-UI
2019-10-15 19:27:05
CVE-2019-17495
2019-10-10 22:15:10
Potential DOS attack due to unrestricted attachment count in messages
2019-11-08 17:15:11
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Smartbear Swagger Ui
2020-12-01 09:18:58
veracode
veracode
CSS Injection
2019-10-11 08:20:30
Denial Of Service (DoS)
2019-11-07 08:16:28
github
github
Cross-site scripting in Swagger-UI
2019-10-15 19:27:05
Potential DOS attack due to unrestricted attachment count in messages
2019-11-08 17:15:11
prion
prion
Design/Logic Flaw
2019-10-10 22:15:00
Cross site scripting
2019-12-10 16:15:00
Design/Logic Flaw
2020-01-31 16:15:00
cve
cve
CVE-2019-17495
2019-10-10 22:15:00
CVE-2019-4720
2020-01-31 16:15:00
CVE-2019-4663
2019-12-10 16:15:00
redhatcve
redhatcve
CVE-2019-12406
2020-03-23 14:08:29
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for 089B564037CD6CBF124F570A0074A8E6C37E90240BCF8C5297D2EBD444E34F18
ibm146redhat7nessus3osv4githubexploit1veracode2github2prion4cve4redhatcve1oracle7