Lucene search

K
ibmIBM9D474CFA28D8B0313A49C799D05622C172F9872EA0EAE8F12773DAC4E1DEF768
HistoryFeb 13, 2020 - 10:36 a.m.

Security Bulletin: Security vulnerabilities is identified in WebSphere Application Server where Rational Asset Manager is deployed (CVE-2019-10086 and CVE-2019-4441)

2020-02-1310:36:28
www.ibm.com
32

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary

In the WebSphere Application Server Admin console where the Rational Asset Manager is deployed, a potential security vulnerabilities are identified. Information about this security vulnerability affecting WebSphere Application Server is published in the respective security bulletin.

Vulnerability Details

Refer to the security bulletins listed in the Remediation/Fixes section.

Affected Products and Versions

IBM Rational Asset Manager 7.5 and 7.5.1.

NOTE: Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.

Remediation/Fixes

Refer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS).

Affected Supporting Product

|

Affected Supporting Product Security Bulletin

—|—
IBM WebSphere Application Server Version 7.0, 8.0, 8.5, and 9.0. | Security Bulletin: WebSphere Application Server is vulnerable to Apache Commons Beanutils (CVE-2019-10086)
IBM WebSphere Application Server Version 7.0, 8.0, 8.5, 9.0, and Liberty | Security Bulletin: Information disclosure vulnerability in WebSphere Application Server (CVE-2019-4441)

Workarounds and Mitigations

None.

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P