History: Apr 28, 2021 - 6:35 p.m.

Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Rational products based on IBM Jazz technology

2021-04-28 18:35:50
www.ibm.com
EPSS: 0.001 (Low)
Percentile: 28.9%

Summary

There is a clickjacking vulnerability in the IBM WebSphere Application Server Liberty Admin Center bundled with IBM Jazz Team Server based applications. It affects the following products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) and IBM Rhapsody Model Manager.

Vulnerability Details

CVEID: CVE-2019-4285
DESCRIPTION: IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160513> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Rational Collaborative Lifecycle Management 6.0 - 6.0.6.1
Rational Quality Manager 6.0 - 6.0.6.1
Rational Team Concert 6.0 - 6.0.6.1
Rational DOORS Next Generation 6.0 - 6.0.6.1
Rational Engineering Lifecycle Manager 6.0 - 6.0.6.1
Rational Rhapsody Design Manager 6.0 - 6.0.6.1
IBM Rhapsody Model Manager 6.0.5 - 6.0.6.1

Remediation/Fixes

The IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server Liberty with the available versions of the products, and in addition to the bundled version some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS Liberty has been published.

For CLM applications version 6.0 to 6.0.6.1, review the Security Bulletin below to determine whether your WAS Liberty version is affected and what remediation is required:

Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty Admin Center (CVE-2019-4285)

Workarounds and Mitigations

None
