5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
There is a potential cross-site scripting vulnerability in the Admin Console for WebSphere Application Server. There is a potential information disclosure in WebSphere Application Server using malformed SOAP requests on WebSphere Application Server.
Please consult the security bulletins for vulnerability details and information about fixes:
These vulnerabilities affect the following versions and releases of IBM WebSphere Application Server that IBM WebSphere Application Server Patterns supports:
* Version 8.0 traditional
* Version 8.5.5 traditional
* Version 9.0 traditional
To patch an existing PureApplication Virtual System Instance, apply the patch using the PureApplication Maintainence fix process.
CPE | Name | Operator | Version |
---|---|---|---|
websphere application server patterns | eq | any |
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N