Lucene search

K
ibmIBM929D837DD9C3EA90C20AF84418A0A2BB1D61BFBA6F69A8B90EB5479898403F5C
HistoryJun 20, 2020 - 6:09 a.m.

Security Bulletin: Security vulnerability is identified in the WebSphere Application Server where the Rational Asset Manager is deployed

2020-06-2006:09:39
www.ibm.com
8

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

In the WebSphere Application Server Admin console, where the Rational Asset Manager is deployed, vulnerabilities such as privilege escalation, denial of service, command execution, code execution and Information Disclosure are observed. Information about these security vulnerability affecting WebSphere Application Server is published in the respective security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

IBM Rational Asset Manager 7.5 .1, 7.5.2.x, 7.5.3.x, and 7.5.4.x.

NOTE: Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.

Remediation/Fixes

Refer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS). Affected Supporting Product Affected Supporting Product Security Bulletin
IBM WebSphere Application Server Version 7.0, 8.0, 8.5, and 9.0. Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)
Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)
Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability (CVE-2020-4163)
Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449)
Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)
Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329)

Workarounds and Mitigations

None.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Related for 929D837DD9C3EA90C20AF84418A0A2BB1D61BFBA6F69A8B90EB5479898403F5C