IBM5CE42BBE1010DF258338E26E12DC946A681587DA57BA2A7B0690416BD4EE1FAASecurity Bulletin: Cross-site Scripting vulnerability in WLP affects IBM License Key Server Administration & Reporting Tool and Administration Agent
EPSS
Percentile
19.6%
Summary
A Cross-site Scripting related vulnerability has been found in IBM WebSphere Application Server - Liberty which is used by IBM License Key Server Administration & Reporting Tool (ART) and Administration Agent. The remediation has been included in the latest release of ART and Agent.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| ART | 8.1.5.6 |
| ART | 8.1.5.1 |
| ART | 8.1.5.2 |
| ART | 8.1.5.3 |
| ART | 8.1.6 |
| ART | 8.1.5.4 |
| ART | 8.1.6.1 |
| ART | 8.1.5.5 |
| ART | 8.1.5 |
| ART | 8.1.6.2 |
| ART | 8.1.6.3 |
| Agent | 8.1.5 |
| Agent | 8.1.5.1 |
| Agent | 8.1.5.2 |
| Agent | 8.1.5.3 |
| Agent | 8.1.5.4 |
| Agent | 8.1.5.5 |
| Agent | 8.1.5.6 |
| Agent | 8.1.6 |
| Agent | 8.1.6.1 |
| Agent | 8.1.6.2 |
| Agent | 8.1.6.3 |
Remediation/Fixes
Vulnerability Details
CVEID:CVE-2019-4663
**DESCRIPTION:**IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171245 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Remediation
Upgrade to the version 8.1.6.4 of ART and Agent. Refer Release Notes 8.1.6.4 for Download and Application Instruction.
Workarounds and Mitigations
None
Related
EPSS
Percentile
19.6%