IBM7929CDAE262F0CF3678FFA6D8C6E7A4AED010B2992EDF5CAF927ABA03465EEE6Security Bulletin: WebSphere Application Server which is bundled with IBM WebSphere Hybrid Edition is vulnerable to Information Disclosure (CVE-2021-29842)
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
40.5%
Summary
WebSphere Application Server, bundled with IBM WebSphere Hybrid Edition, is vulnerable to Information Disclosure (CVE-2021-29842)
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
| Principal Affected Product(s) and Version(s) | Affecting Product(s) and Version(s) |
|---|---|
| IBM WebSphere Hybrid Edition, all |
WebSphere Application Server
- 9.0
- 8.5
- 8.0
- 7.0
WebSphere Application Server Liberty
- 17.0.0.3 - 21.0.0.9
Remediation/Fixes
WebSphere Application Server is vulnerable to Information Disclosure (CVE-2021-29842)
Workarounds and Mitigations
None
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
40.5%