7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
53.9%
There are multiple vulnerabilities in the IBM® WebSphere Application Server Liberty used by IBM LKS Administration and Reporting Tool and its Agent. A fix has been identified and is being published here.
CVEID:CVE-2021-26296
**DESCRIPTION:**Apache MyFaces is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197017 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-5258
**DESCRIPTION:**Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other values, an attacker could exploit this vulnerability to overwrite, or pollute, a JavaScript application object prototype of the base object.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177751 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Common Licensing | Agent 9.0 |
IBM Common Licensing | ART 9.0 |
Apply the fix titled IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_WLP_iFix_1. The instructions for the same are as follows.
1). Download the fix titled IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_WLP_iFix_1 from Fix Central. Choose a ZIP appropriate for your target platform.
2). Stop the ART/Agent.
3). Navigate to the folder <Installation Location>/LKSAdmin for the ART and <Installation Location>/LKSAdminAgent for the Agent.
4). Rename the folder called _wlp _to wlp_old.
5). Unzip the fix into this folder. A new wlp folder would appear.
6). Replace the file wlp/etc/server.env with wlp_old/etc/server.env.
7). Start ART/Agent.
None
CPE | Name | Operator | Version |
---|---|---|---|
rational license key server | eq | 9.0 | |
rational license key server | eq | 8.1.6.5 |
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
53.9%