5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
A Cross-site Scripting related vulnerability has been found in IBM WebSphere Application Server - Liberty which is used by IBM License Key Server Administration & Reporting Tool (ART) and Administration Agent. The remediation has been included in the latest release of ART and Agent.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
ART | 8.1.5.6 |
ART | 8.1.5.1 |
ART | 8.1.5.2 |
ART | 8.1.5.3 |
ART | 8.1.6 |
ART | 8.1.5.4 |
ART | 8.1.6.1 |
ART | 8.1.5.5 |
ART | 8.1.5 |
ART | 8.1.6.2 |
ART | 8.1.6.3 |
Agent | 8.1.5 |
Agent | 8.1.5.1 |
Agent | 8.1.5.2 |
Agent | 8.1.5.3 |
Agent | 8.1.5.4 |
Agent | 8.1.5.5 |
Agent | 8.1.5.6 |
Agent | 8.1.6 |
Agent | 8.1.6.1 |
Agent | 8.1.6.2 |
Agent | 8.1.6.3 |
Vulnerability Details
CVEID:CVE-2019-4663
**DESCRIPTION:**IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171245 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Remediation
Upgrade to the version 8.1.6.4 of ART and Agent. Refer Release Notes 8.1.6.4 for Download and Application Instruction.
None
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N