There is a potential information disclosure vulnerability in IBM WebSphere Application Server.
CVEID:CVE-2019-4441
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163177 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
Jazz for Service Management | 1.1.3 - 1.1.3.5 |
Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin |
---|---|---|
Jazz for Service Management version 1.1.0 - 1.1.3.5 |
Websphere Application Server Full Profile 8.5.5
|
Please refer to WAS interim fix.