IBM72FDC7ACE37453A4C45D6056B76A38DAB964209EA3654296776CF200F9BBCFD0Security Bulletin: A security vulnerabilities has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 (CVE-2019-4720).
EPSS
Percentile
47.8%
Summary
There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. This issue allows a remote attacker to cause a denial of service.
Vulnerability Details
CVEID:CVE-2019-4720
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172125 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM License Metric Tool | All |
Remediation/Fixes
Upgrade to version 9.2.19 or later using the following procedure:
- In BigFix console, expand IBM License Reporting (ILMT) node under Sites node in the tree panel.
- Click Fixlets and Tasks node. Fixlets and Tasks panel will be displayed on the right.
- In the Fixlets and Tasks panel locate _Upgrade to the latest version of IBM License Metric Tool __9.x _fixlet and run it against the computer that hosts your server.
Workarounds and Mitigations
None
Related
EPSS
Percentile
47.8%