Security Bulletin: A vulnerability in IBM WebSphere Application Server and WebSphere Liberty affects IBM Operations Analytics Predictive Insights (CVE-2019-4441)

Summary

There is a vulnerability in IBM WebSphere Application Server and WebSphere Liberty that are used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier versions. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. This issue was also addressed by IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights.

Vulnerability Details

CVEID:CVE-2019-4441
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163177 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

Apply 1.3.6 Interim Fix 2 or later
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics±+Predictive+Insights&release=1.3.6

Note that for versions earlier than 1.3.6, ONLY the UI component should be updated using this interim fix. Nothing else in the interim fix is relevant to this bulletin.

Please also consult the security bulletin Information disclosure vulnerability in WebSphere Application Server (CVE-2019-4441) for vulnerability details and information about fixes for WebSphere Application Server.

Workarounds and Mitigations

None