7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
There is a denial of server vulnerability in IBM WebSphere Liberty Profile used by IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0, IBM Spectrum Conductor 2.3.0, and IBM Spectrum Conductor with Spark 2.2.1. IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0, IBM Spectrum Conductor 2.3.0, and IBM Spectrum Conductor with Spark 2.2.1 have addressed the applicable CVE.
CVEID:CVE-2019-4720
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172125 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Conductor | 2.2.1 |
IBM Spectrum Conductor | 2.4 |
IBM Spectrum Conductor | 2.4.1 |
IBM Spectrum Conductor | 2.3 |
Product(s) | Version(s) | APAR | Remediation/Fixes |
---|---|---|---|
IBM Spectrum Conductor with Spark | 2.2.1 | None | cws-2.2.1-build545141 |
IBM Spectrum Conductor | 2.3.0 | None | sc-2.3-build545140 |
IBM Spectrum Conductor | 2.4.0 | None | sc-2.4-build545139 |
IBM Spectrum Conductor | 2.4.1 | None | sc-2.4.1-build545138 |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum conductor | eq | 2.2.1 | |
ibm spectrum conductor | eq | 2.3.0 | |
ibm spectrum conductor | eq | 2.4.0 | |
ibm spectrum conductor | eq | 2.4.1 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P