Security Bulletin: A Security Vulnerability in IBM® WebSphere Application Server Liberty affects IBM LKS Administration and Reporting Tool and its Agent


## Summary

A security vulnerability, related to Apache Commons Compress library, has been found in the IBM® WebSphere Application Server Liberty used by IBM LKS Administration and Reporting Tool and its Agent. A fix has been identified and is being published here.

## Vulnerability Details

**CVEID:** [CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>)

**DESCRIPTION:** Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package.

CVSS Base score: 7.5

CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score.

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

## Affected Products and Versions

Affected Product(s)| Version(s)
---|---
IBM Common Licensing| Agent 9.0
IBM Common Licensing| ART 9.0

## Remediation/Fixes

Upgrade to the latest ART/Agent 9.0 iFix 5 from [Fix Central.](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Common+Licensing&release=9.0&platform=AIX&function=all> "Fix Central." )

## Workarounds and Mitigations

None

Affected Software

CPE Name Name Version
rational license key server 9.0