5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
There is a potential denial of service with the Google Guava library that is used in WebSphere Application Server.
CVEID: CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sending a specially-crafted data, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142508> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
This vulnerability affects the following versions and releases of IBM WebSphere Application Server:
The recommended solution is to apply the interim fix, or Fix Pack as soon as practical.
For WebSphere Application Server Liberty:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH07297
--OR–
· Apply Fix Pack 19.0.0.1 or later (targeted availability 1Q2019).
For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:
For V9.0.0.0 through 9.0.0.10:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH07297
--OR–
· Apply Fix Pack 9.0.0.11 or later (targeted availability 2Q2019)
For V8.5.0.0 through 8.5.5.14 using Java SE 6:
· Refer to the following note: Java SE 6 end of service
For V8.5.0.0 through 8.5.5.14 using Java SE 7 or later:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH07297
--OR–
· Apply Fix Pack 8.5.5.16 or later (targeted availability 4Q2019)
CPE | Name | Operator | Version |
---|---|---|---|
websphere application server liberty core | eq | any | |
websphere application server | eq | 9.0 | |
websphere application server | eq | 8.0 |
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P