A Security Vulnerability affects Cloud Foundry for IBM Cloud Private
CVEID: CVE-2019-16935
**DESCRIPTION:** The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168612 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
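The following added example is not part of the IBM bulletin or of CPython. It checks whether the running Python 3 interpreter escapes `server_title` when it builds the XML-RPC documentation page, and escapes untrusted titles itself when the interpreter does not. The names `PROBE`, `render_doc_page`, `interpreter_escapes_title` and `safe_title` are hypothetical, and the probe string is a constructed, inert marker.

```python
import html
from xmlrpc.server import DocCGIXMLRPCRequestHandler

# Constructed, inert marker: harmless markup that is easy to find in the page.
PROBE = '<i id="cve-2019-16935-probe">'


def render_doc_page(title):
    """Render the XML-RPC documentation page with `title` as the server title.

    DocCGIXMLRPCRequestHandler shares the documentation generator with
    DocXMLRPCServer but opens no socket, so this runs offline.
    """
    handler = DocCGIXMLRPCRequestHandler()
    handler.set_server_title(title)
    return handler.generate_html_documentation()


def interpreter_escapes_title():
    """True if this Python already HTML-escapes server_title (fixed build)."""
    return PROBE not in render_doc_page(PROBE)


def safe_title(untrusted):
    """Return a value that is safe to pass to set_server_title().

    On a fixed interpreter the library escapes the title itself, so the value
    is passed through; on an affected one it is escaped here instead.
    """
    return untrusted if interpreter_escapes_title() else html.escape(untrusted)


if __name__ == "__main__":
    print("server_title escaped by this interpreter:", interpreter_escapes_title())
    page = render_doc_page(safe_title(PROBE))
    print("raw markup reaches the page:", PROBE in page)
```

Passing the value through on a fixed interpreter avoids double-escaping the title.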
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Private | 3.2.0 CD |
IBM Cloud Private | 3.2.1 CD |
Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages.
For Cloud Foundry for IBM Cloud Private 3.2.1, apply fix pack:
For Cloud Foundry for IBM Cloud Private 3.2.0, apply fix pack:
If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance.
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm cloud private | eq | any |