Lucene search

IBM503C7F01247B3F7266307A5AF9A34E636C096647FADC5B8954B76AE851BCE38A

HistoryJul 27, 2020 - 7:51 a.m.

Security Bulletin: Novalink is impacted by WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2019-4663)

2020-07-2707:51:37

www.ibm.com

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

JSON

Summary

Novalink uses WebSphere Application Server Liberty. There is a cross-site scripting vulnerability in the Admin Center. This has been addressed.

Vulnerability Details

CVEID:CVE-2019-4663
**DESCRIPTION:**IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171245 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
NovaLink	1.0.0.13
NovaLink	1.0.0.15

Remediation/Fixes

The recommended solution is to upgrade to Novalink version 1.0.0.16

Workarounds and Mitigations

None

CPENameOperatorVersion
powervm novalinkeq1.0.0.16

CPE	Name	Operator	Version
	powervm novalink	eq	1.0.0.16

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

JSON

Related for 503C7F01247B3F7266307A5AF9A34E636C096647FADC5B8954B76AE851BCE38A