Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition (CVE-2019-4268).

2020-02-1414:06:10

www.ibm.com

0.001 Low

EPSS

Percentile

41.0%

JSON

Summary

IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletins(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
ITNM	4.2.0.x
ITNM	3.9
ITNM	4.1.1.x

Remediation/Fixes

Affected Product(s)	Versions(s)	Remediation
ITNM	4.2.0.x	File traversal vulnerability in WebSphere Application Server Admin Console

Please see section For V8.5.0.0 through 8.5.5.16:

ITNM| 4.1.1.x|

File traversal vulnerability in WebSphere Application Server Admin Console

Please see section For V7.0.0.0 through 7.0.0.45:

ITNM| 3.9|

File traversal vulnerability in WebSphere Application Server Admin Console

Please see section For V7.0.0.0 through 7.0.0.45:

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli netcool configuration managereq4.2
tivoli netcool configuration managereq4.1.1
tivoli netcool configuration managereq3.9