Lucene search

IBMA0E9873CE477AFCDF49EA44C688C2E955608B19AF61940009894ABF7BB1A3C38

HistoryJul 07, 2020 - 1:14 p.m.

Security Bulletin: Swagger Vulnerability in WebSphere Application Server Liberty shipped with Cloud Pak System (CVE-2019-17495)

2020-07-0713:14:44

www.ibm.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

WebSphere Application Server Liberty is shipped as component with Cloud Pak System Information about security vulnerability affecting WebSphere Application Server liberty using Swagger UI have been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Principal Product(s)	Supporting Product Version(s)
IBM Cloud Pak System all releases	WebSphere Application Server - Liberty

Remediation/Fixes

Please consult the following security bulletin for vulnerability details and information about fixes

Security Bulletin: Swagger vulnerability affects WebSphere Application Server Liberty (CVE-2019-17495)

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud pak system softwareeq2.2
ibm cloud pak system softwareeq2.3

CPE	Name	Operator	Version
	ibm cloud pak system software	eq	2.2
	ibm cloud pak system software	eq	2.3

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for A0E9873CE477AFCDF49EA44C688C2E955608B19AF61940009894ABF7BB1A3C38