Lucene search

K
ibmIBM0CA122180FFBCE50BC034AB8F4162C49BBDAC371413884BCA8D7FC92D2846746
HistoryFeb 27, 2020 - 6:29 a.m.

Security Bulletin: Information disclosure in WebSphere Application Server affects MobileFirst Platform Foundation (CVE-2019-4441)

2020-02-2706:29:01
www.ibm.com
6

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

Summary

IBM MobileFirst Platform Foundation has addressed the following vulnerability: Information Disclosure in WebSphere Application Server

Vulnerability Details

CVEID:CVE-2019-4441
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163177 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM MobileFirst Platform Foundation 7.1.0.0 - using the scripts (BYOL)
IBM MobileFirst Platform Foundation 8.0.0.0 - ICP, IKS or using the scripts (BYOL)

Remediation/Fixes

Product VRMF Remediation/First Fix
IBM MobileFirst Platform Foundation 7.1.0.0 Download the iFix from IBM MobileFirst Platform Foundation on FixCentral
IBM MobileFirst Platform Foundation 8.0.0.0 Download the iFix from IBM MobileFirst Platform Foundation on FixCentral

Workarounds and Mitigations

None

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

Related for 0CA122180FFBCE50BC034AB8F4162C49BBDAC371413884BCA8D7FC92D2846746