A Cross-site Scripting related vulnerability has been found in IBM WebSphere Application Server - Liberty which is used by IBM License Key Server Administration & Reporting Tool (ART) and Administration Agent. The remediation has been included in the latest release of ART and Agent.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
ART | 8.1.5.6 |
ART | 8.1.5.1 |
ART | 8.1.5.2 |
ART | 8.1.5.3 |
ART | 8.1.6 |
ART | 8.1.5.4 |
ART | 8.1.6.1 |
ART | 8.1.5.5 |
ART | 8.1.5 |
ART | 8.1.6.2 |
ART | 8.1.6.3 |
Agent | 8.1.5 |
Agent | 8.1.5.1 |
Agent | 8.1.5.2 |
Agent | 8.1.5.3 |
Agent | 8.1.5.4 |
Agent | 8.1.5.5 |
Agent | 8.1.5.6 |
Agent | 8.1.6 |
Agent | 8.1.6.1 |
Agent | 8.1.6.2 |
Agent | 8.1.6.3 |
Vulnerability Details
CVEID: CVE-2019-4663
**DESCRIPTION:** IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171245 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Remediation
Upgrade to version 8.1.6.4 of ART and Agent. Refer to the Release Notes for 8.1.6.4 for download and application instructions.