Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFCE07050809EDF0FDD5519879C9E4BCB128AC13A84C2716F0B87AC89A1907CD6
HistoryApr 28, 2021 - 6:35 p.m.

Security Bulletin: Vulnerabilities in WebSphere Application Server Liberty affect IBM Jazz technology

2021-04-2818:35:50
www.ibm.com
5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

81.2%

JSON

Summary

There are vulnerabilities in IBM WebSphere Application Server Liberty that affect Collaborative Lifecycle Management (CLM).

Vulnerability Details

Refer to the security bulletins(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
CLM 6.0.6.1
CLM 6.0.6
CLM 6.0.2

Remediation/Fixes

The IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version, some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published.

For CLM applications version 6.0 to 6.0.6.1 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:

Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2019-4663)

Security Bulletin: Swagger vulnerability affects WebSphere Application Server Liberty (CVE-2019-17495)

Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)

Workarounds and Mitigations

None

Related

ibm 108
osv 2
veracode 1
github 1
nessus 2
githubexploit 1
prion 3
redhat 3
cve 3
oracle 5
ibm
ibm
Security Bulletin: Vulnerabilities in WebSphere Application Server Liberty affect DOORS Next Generation (DNG/RRC)
2020-02-24 15:20:04
Security Bulletin: Swagger vulnerability affects WebSphere Application Server Liberty bundled with IBM WebSphere Application Server Patterns (CVE-2019-17495)
2020-01-22 16:27:51
Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4663 and CVE-2019-4720)
2022-02-22 20:10:14
osv
osv
CVE-2019-17495
2019-10-10 22:15:10
Cross-site scripting in Swagger-UI
2019-10-15 19:27:05
veracode
veracode
CSS Injection
2019-10-11 08:20:30
github
github
Cross-site scripting in Swagger-UI
2019-10-15 19:27:05
nessus
nessus
Oracle Primavera Gateway (Oct 2020 CPU)
2020-10-22 00:00:00
IBM WebSphere Application Server Denial of Service (CVE-2019-4720)
2020-02-07 00:00:00
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Smartbear Swagger Ui
2020-12-01 09:18:58
prion
prion
Design/Logic Flaw
2019-10-10 22:15:00
Cross site scripting
2019-12-10 16:15:00
Design/Logic Flaw
2020-01-31 16:15:00
redhat
redhat
(RHSA-2020:0192) Moderate: Open Liberty 20.0.0.1 Runtime security update
2020-01-21 17:25:54
(RHSA-2020:0556) Important: Open Liberty 20.0.0.2 Runtime security update
2020-02-19 20:46:32
(RHSA-2019:4117) Moderate: Open Liberty 19.0.0.12 Runtime security update
2019-12-09 15:15:03
cve
cve
CVE-2019-17495
2019-10-10 22:15:00
CVE-2019-4720
2020-01-31 16:15:00
CVE-2019-4663
2019-12-10 16:15:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

81.2%

JSON
Related for FCE07050809EDF0FDD5519879C9E4BCB128AC13A84C2716F0B87AC89A1907CD6
ibm108osv2veracode1github1nessus2githubexploit1prion3redhat3cve3oracle5