Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM981C806CFF686CCFB3F363BE6465990FCFDA34E49CC85F598597A5695AECADCF
HistoryApr 27, 2022 - 10:23 a.m.

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management 11.6

2022-04-2710:23:01
www.ibm.com
2

0.001 Low

EPSS

Percentile

40.5%

JSON

Summary

IBM WebSphere Application Server 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing “dot dot” sequences (/…/) to view arbitrary files on the system. IBM X-Force ID: 160201.

Vulnerability Details

CVEID:CVE-2019-4268
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/…/) to view arbitrary files on the system. IBM X-Force ID: 160201.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160201 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Master Data Management 11.6

Remediation/Fixes

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
IBM InfoSphere Master Data Management 11.6
IBM WebSphere Application Server versions 9.0.

Security Bulletin: File traversal vulnerability in WebSphere Application Server Admin Console (CVE-2019-4268)

Workarounds and Mitigations

None

Related

ibm 32
nessus 1
cvelist 1
cve 1
prion 1
ibm
ibm
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2019-4268)
2019-11-15 10:31:03
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition (CVE-2019-4268).
2020-02-14 14:06:10
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with OpenPages GRC Platform (CVE-2019-4268)
2019-10-08 22:32:46
nessus
nessus
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.17 / 9.0.x < 9.0.5.1 File Traversal (CVE-2019-4268)
2020-10-19 00:00:00
cvelist
cvelist
CVE-2019-4268
2019-09-16 00:00:00
cve
cve
CVE-2019-4268
2019-09-17 19:15:00
prion
prion
Code injection
2019-09-17 19:15:00

0.001 Low

EPSS

Percentile

40.5%

JSON
Related for 981C806CFF686CCFB3F363BE6465990FCFDA34E49CC85F598597A5695AECADCF
ibm32nessus1cvelist1cve1prion1