Lucene search

K
ibmIBM15189595CF9923F732F7A58188CAB2DF9774FC18E235B5BF9FDD85AE7E52DABB
HistorySep 25, 2019 - 2:00 p.m.

Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2019-4442), (CVE-2019-4271), (CVE-2019-4268), (CVE-2019-4270), (CVE-2019-4477)

2019-09-2514:00:49
www.ibm.com
4

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

Summary

WebSphere Application Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

These vulnerabilities affect the following versions and releases of IBM WebSphere Remote Server:
9.0, 8.5, 7.1, 7.0

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server.

Principal Product and Version(s)

|

Affected Supporting Product and Version

|

Affected Supporting Product Security Bulletin

—|—|—

WebSphere Remote Server

9.0, 8.5, 7.1, 7.0

|

WebSphere Application Server

9.0, 8.5, 8.0, 7.0

|

Path traversal vulnerability in WebSphere Application Server Admin Console (CVE-2019-4442)

WebSphere Remote Server
9.0, 8.5, 7.1, 7.0

|

WebSphere Application Server

9.0, 8.5, 8.0, 7.0

|

HTTP Parameter Pollution and XSS vulnerability in WebSphere Application Server Admin Console ND (CVE-2019-4271)

WebSphere Remote Server

9.0, 8.5, 7.1, 7.0

|

WebSphere Application Server

9.0, 8.5, 8.0, 7.0

|

File traversal vulnerability in WebSphere Application Server Admin Console (CVE-2019-4268)

WebSphere Remote Server

9.0, 8.5, 7.1, 7.0

|

WebSphere Application Server

9.0, 8.5, 8.0, 7.0

|

Cross-site scripting vulnerability in WebSphere Application Server Admin Console (CVE-2019-4270)

WebSphere Remote Server

9.0, 8.5. 7.1. 7.0

|

WebSphere Application Server

9.0, 8.5, 8.0, 7.0

|

Information disclosure vulnerability in WebSphere Application Server (CVE-2019-4477)

CPENameOperatorVersion
websphere remote servereqany

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

Related for 15189595CF9923F732F7A58188CAB2DF9774FC18E235B5BF9FDD85AE7E52DABB