7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
There is a vulnerability in IBM WebSphere Application Server, used by IBM Spectrum Scale, which could allow a remote attacker to cause a denial of service.
CVEID:CVE-2019-4720
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172125 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
The Elastic Storage Server 5.3.0 thru 5.3.5.2
The Elastic Storage Server 5.0.0 thru 5.2.9
The Elastic Storage Server 4.5.0 thru 4.6.0
The Elastic Storage Server 4.0.0 thru 4.0.6
For IBM Elastic Storage Server V5.0.0 thru 5.3.5.2, apply V5.3.6 available from FixCentral at:
For IBM Elastic Storage Server V5.0.0 thru 5.2.9, apply V5.2.10 available from FixCentral at:
If you are unable to upgrade to ESS 5.3.6 or 5.2.10, contact IBM Service to obtain an efix:
- For IBM Elastic Storage Server 5.3.0-5.3.5.2, reference APAR IJ24119
- For IBM Elastic Storage Server 5.0.0- 5.2.9, reference APAR IJ24099
- For IBM Elastic Storage Server 4.0.0 - 4.6.0, reference APAR IJ24099
To contact IBM Service, see <http://www.ibm.com/planetwide/>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm elastic storage server | eq | 4.2 | |
ibm elastic storage server | eq | 5.0 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P