Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1C1678518312F18585D48228E2C4D89CBF458CAF1277708839EA38E32D0F11E3
HistoryFeb 13, 2020 - 2:46 p.m.

Security Bulletin: Vulnerabilities in WebSphere Application Server Liberty affect IBM Jazz technology

2020-02-1314:46:11
www.ibm.com
11

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

There are vulnerabilities in IBM WebSphere Application Server that affect Rational Team Concert (RTC).

Vulnerability Details

Refer to the security bulletins(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
RTC 6.0.2
RTC 6.0.6.1
RTC 6.0.6

Remediation/Fixes

The IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version, some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published.

For CLM applications version 6.0 to 6.0.6.1 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:

Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2019-4663)

Security Bulletin: WebSphere Application Server is vulnerable to Apache Commons Beanutils (CVE-2019-10086)

Security Bulletin: Swagger vulnerability affects WebSphere Application Server Liberty (CVE-2019-17495)

Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)

Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console (CVE-2019-4670)

Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability (CVE-2020-4163)

Workarounds and Mitigations

None

Related

ibm 144
nessus 14
githubexploit 1
osv 4
veracode 2
github 2
prion 5
redhat 5
cve 5
fedora 2
openvas 8
debiancve 1
symantec 1
ubuntucve 1
mageia 1
suse 1
amazon 1
cgr 1
ibm
ibm
Security Bulletin: Vulnerabilities in WebSphere Application Server Liberty affect IBM Jazz technology
2020-02-13 14:48:06
Security Bulletin: Vulnerabilities in WebSphere Application Server Liberty affect IBM Jazz technology
2020-02-13 14:42:12
Security Bulletin: Vulnerabilities in WebSphere Application Server Liberty affect IBM Jazz technology
2021-04-28 18:35:50
nessus
nessus
Oracle Primavera Gateway (Oct 2020 CPU)
2020-10-22 00:00:00
IBM WebSphere Application Server Denial of Service (CVE-2019-4720)
2020-02-07 00:00:00
Fedora 31 : apache-commons-beanutils (2019-bcad44b5d6)
2019-11-14 00:00:00
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Smartbear Swagger Ui
2020-12-01 09:18:58
osv
osv
Cross-site scripting in Swagger-UI
2019-10-15 19:27:05
CVE-2019-17495
2019-10-10 22:15:10
Insecure Deserialization in Apache Commons Beanutils
2020-06-15 20:36:17
veracode
veracode
CSS Injection
2019-10-11 08:20:30
Authorization Bypass
2019-08-16 00:43:09
github
github
Cross-site scripting in Swagger-UI
2019-10-15 19:27:05
Insecure Deserialization in Apache Commons Beanutils
2020-06-15 20:36:17
prion
prion
Cross site scripting
2019-12-10 16:15:00
Design/Logic Flaw
2019-10-10 22:15:00
Design/Logic Flaw
2020-01-31 16:15:00
redhat
redhat
(RHSA-2020:0192) Moderate: Open Liberty 20.0.0.1 Runtime security update
2020-01-21 17:25:54
(RHSA-2020:0057) Important: rh-java-common-apache-commons-beanutils security update
2020-01-08 11:00:17
(RHSA-2020:0194) Important: apache-commons-beanutils security update
2020-01-21 18:21:47
cve
cve
CVE-2019-17495
2019-10-10 22:15:00
CVE-2019-4720
2020-01-31 16:15:00
CVE-2019-4663
2019-12-10 16:15:00
fedora
fedora
[SECURITY] Fedora 30 Update: apache-commons-beanutils-1.9.4-1.fc30
2019-11-13 09:58:19
[SECURITY] Fedora 31 Update: apache-commons-beanutils-1.9.4-1.fc31
2019-11-13 10:08:09
openvas
openvas
Fedora Update for apache-commons-beanutils FEDORA-2019-79b5790566
2019-11-14 00:00:00
CentOS: Security Advisory for apache-commons-beanutils (CESA-2020:0194)
2020-01-29 00:00:00
Fedora Update for apache-commons-beanutils FEDORA-2019-bcad44b5d6
2020-01-09 00:00:00
debiancve
debiancve
CVE-2019-10086
2019-08-20 21:15:00
symantec
symantec
Apache Commons Beanutils CVE-2019-10086 Remote Security Vulnerability
2019-08-15 00:00:00
ubuntucve
ubuntucve
CVE-2019-10086
2019-08-20 00:00:00
mageia
mageia
Updated apache-commons-beanutils packages fix security vulnerability
2019-12-19 16:44:26
suse
suse
Security update for apache-commons-beanutils (important)
2019-09-03 00:00:00
amazon
amazon
Important: apache-commons-beanutils
2020-02-17 19:50:00
cgr
cgr
CVE-2019-10086 vulnerabilities
2024-05-07 21:06:45

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for 1C1678518312F18585D48228E2C4D89CBF458CAF1277708839EA38E32D0F11E3
ibm144nessus14githubexploit1osv4veracode2github2prion5redhat5cve5fedora2openvas8debiancve1symantec1ubuntucve1mageia1suse1amazon1cgr1