7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
47.3%
Denial of service vulnerability in the Apache CXF library used in WebSphere Application Server Liberty Core affect CICS Transaction Gateway Web Service requests. CICS Transaction Gateway addressed the applicable CVEs.
CVEID:CVE-2019-4720
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172125 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
CICS Transaction Gateway | v9.1.0.0 - 9.1.0.3 |
CICS Transaction Gateway | V9.2.0.0 - 9.2.0.2 |
Upgrade the WebSphere Application Server Liberty Core used by CICS TG Gateway daemon. Updated WebSphere Application Server Liberty Core files used by Gateway daemon are made available on Fix Central.
Product
|
VRMF
|
APAR
|
Remediation / First Fix
โ|โ|โ|โ
CICS Transaction Gateway for Multiplatforms| 9.2.0.0
9.2.0.1
9.2.0.2| PH24764| http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=92-CICSTG-Liberty-PH24764&source=SAR
CICS Transaction Gateway for Multiplatforms| 9.1.0.0
9.1.0.1
9.1.0.2
9.1.0.3| PH24764| http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=91-CICSTG-Liberty-PH24764&source=SAR
None
CPE | Name | Operator | Version |
---|---|---|---|
cics transaction gateway | eq | 9.1.0 | |
cics transaction gateway | eq | 9.2.0 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
47.3%