Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM656D4E4927959266DE779084CDF0D6AC91B56C55C3146F4D048F06CBD689AF6C
HistoryOct 30, 2019 - 11:43 p.m.

Security Bulletin: Vulnerabilities in WebSphere Application Server

2019-10-3023:43:12
www.ibm.com
13

EPSS

0.001

Percentile

44.3%

JSON

Summary

There are vulnerabilities in WebSphere Application Server used by IBM Streams. IBM Streams has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2019-4305
DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160951 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-4441
DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/163177 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-4304
DESCRIPTION: IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160950 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected InfoSphere Streams Affected Versions
InfoSphere Streams 4.0.1.6 and earlier
InfoSphere Streams 3.2.1.6 and earlier
IBM Streams 4.1.1.9 and earlier
IBM Streams 4.2.1.7 and earlier
IBM Streams 4.3.1.0 and earlier

Remediation/Fixes

NOTE: Fix Packs are available on IBM Fix Central.

To remediate/fix this issue, follow the instructions below:

Version 4.3.x: Apply _ 4.3.0 Fix Pack 1 (4.3.1.1) or higher_ .
Version 4.2.x: Apply 4.2.1 Fix Pack 4 (4.2.1.9) or higher .
Version 4.1.x: Apply 4.1.1 Fix Pack 6 (4.1.1.10) or higher .
Versions 4.0.x,3.2.x, 3.1.x, and 3.0.x: For versions earlier than 4.x.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.

Workarounds and Mitigations

none

Related

ibm 105
cvelist 3
cve 3
prion 3
nvd 3
symantec 1
nessus 1
redhat 1
ibm
ibm
Security Bulletin: Vulnerabilities in WAS Liberty affect IBM Spectrum LSF Suite, Spectrum LSF Suite for HPA and Spectrum LSF Application Center
2019-10-25 05:05:01
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments
2020-03-18 14:38:14
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2019-4304, CVE-2019-4305, CVE-2019-4441, CVE-2014-3603)
2022-02-01 11:37:31
cvelist
cvelist
CVE-2019-4305
2019-09-30 15:20:31
CVE-2019-4441
2019-10-03 14:05:18
CVE-2019-4304
2019-09-30 15:20:31
cve
cve
CVE-2019-4305
2019-09-30 16:15:11
CVE-2019-4441
2019-10-03 14:15:11
CVE-2019-4304
2019-09-30 16:15:11
prion
prion
Information disclosure
2019-09-30 16:15:00
Information disclosure
2019-10-03 14:15:00
Authentication flaw
2019-09-30 16:15:00
nvd
nvd
CVE-2019-4305
2019-09-30 16:15:11
CVE-2019-4441
2019-10-03 14:15:11
CVE-2019-4304
2019-09-30 16:15:11
symantec
symantec
IBM WebSphere Application Server CVE-2019-4441 Information Disclosure Vulnerability
2019-10-01 00:00:00
nessus
nessus
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.17 / 9.0.x < 9.0.5.2 / Liberty < 19.0.0.11 Information Disclosure (CVE-2019-4441)
2019-12-16 00:00:00
redhat
redhat
(RHSA-2019:4117) Moderate: Open Liberty 19.0.0.12 Runtime security update
2019-12-09 15:15:03

EPSS

0.001

Percentile

44.3%

JSON
Related for 656D4E4927959266DE779084CDF0D6AC91B56C55C3146F4D048F06CBD689AF6C
ibm105cvelist3cve3prion3nvd3symantec1nessus1redhat1