CVSS3 score: 7.5 High
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2 score: 5 Medium
- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: PARTIAL
- Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Potential spoofing and denial of service vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client web user interface and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments.

CVEID: CVE-2018-1902
DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152531> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2019-4046
DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of memory.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156242> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

The following products and versions are affected by these vulnerabilities:
IBM Spectrum Protect (formerly Tivoli Storage Manager) Client web user interface versions:
- 8.1.7 and 8.1.7.1
IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions:
- 8.1.0.0 through 8.1.7.0
- 7.1.0.0 through 7.1.8.5
IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V versions:
- 8.1.4.0 through 8.1.7.0

Backup-Archive Client web user interface Release | First Fixing VRM Level | Platform | Link to Fix
---|---|---|---
8.1 | 8.1.8 | Linux, Windows | <https://www.ibm.com/support/docview.wss?uid=ibm10885610>

Data Protection for VMware Release | First Fixing VRM Level | Platform | Link to Fix
---|---|---|---
8.1 | 8.1.8 | Linux, Windows | <https://www.ibm.com/support/docview.wss?uid=ibm10879887>
7.1 | 7.1.8.6 | Linux, Windows | <https://www.ibm.com/support/docview.wss?uid=swg24044553>

Data Protection for Hyper-V Release | First Fixing VRM Level | Platform | Link to Fix
---|---|---|---
8.1 | 8.1.8 | Windows | <https://www.ibm.com/support/docview.wss?uid=ibm10879887>

None
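
The affected ranges and first fixing levels listed above can be checked against an asset inventory; the following is an added example, not IBM's code. The product keys (`ba-client-webui`, `dp-vmware`, `dp-hyperv`), function names and inventory rows are assumptions made for illustration.

```python
# Affected ranges and first fixing levels transcribed from the bulletin above.
# Product keys and the inventory rows are constructed for this example.
AFFECTED = {
    # The bulletin lists 8.1.7 and 8.1.7.1 individually; modelled as one range.
    "ba-client-webui": [("8.1.7", "8.1.7.1", "8.1.8")],
    "dp-vmware": [("8.1.0.0", "8.1.7.0", "8.1.8"),
                  ("7.1.0.0", "7.1.8.5", "7.1.8.6")],
    "dp-hyperv": [("8.1.4.0", "8.1.7.0", "8.1.8")],
}

def parse_version(text):
    """Turn 'V.R.M.F' into a 4-tuple of ints, padding so 8.1.7 == 8.1.7.0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unrecognised version string: {text!r}")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def first_fix(product, installed):
    """Return the first fixing level if `installed` is affected, else None."""
    if product not in AFFECTED:
        raise KeyError(f"product not covered by this bulletin: {product}")
    version = parse_version(installed)
    for low, high, fix in AFFECTED[product]:
        # Tuple comparison is numeric per component, so 7.1.10 > 7.1.8.5.
        if parse_version(low) <= version <= parse_version(high):
            return fix
    return None

def triage(inventory):
    """Return (host, product, installed, fix) for every row needing an upgrade."""
    findings = []
    for host, product, installed in inventory:
        fix = first_fix(product, installed)
        if fix is not None:
            findings.append((host, product, installed, fix))
    return findings

if __name__ == "__main__":
    inventory = [  # constructed sample rows
        ("backup01", "ba-client-webui", "8.1.7"),
        ("vmproxy02", "dp-vmware", "7.1.8.5"),
        ("vmproxy03", "dp-vmware", "7.1.8.6"),
        ("hv04", "dp-hyperv", "8.1.3.0"),
    ]
    for host, product, installed, fix in triage(inventory):
        print(f"{host}: {product} {installed} is affected, upgrade to {fix}")
```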