There are multiple security vulnerabilities that affect the IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter.
There is a potential spoofing vulnerability in IBM WebSphere Application Server. There is a potential denial of service vulnerability in WebSphere Application Server.
CVEID: CVE-2018-1902 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152531>
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2019-4046
DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156242> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
These vulnerabilities affect the following versions and releases of IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter
For more information on the vulnerabilities refer to the IBM WebSphere Application Server bulletins listed below
To obtain these changes for your installation, upgrade IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter to version 3.0 or higher. The service procedure can be found here:
CPE | Name | Operator | Version |
---|---|---|---|
ibm websphere application server in ibm cloud | eq | any |