There is a security vulnerability that affects Red Hat Linux used by IBM WebSphere Application Server in the IBM Cloud.
Relevant CVE Information:
CVEID: CVE-2019-12735
DESCRIPTION: Vim and Neovim could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation by the :source! command in a modeline. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162255> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
This vulnerability affects the following versions and releases of IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter:
To mitigate the vulnerability on an existing service instance, issue the following command as root:
To obtain these changes for your installation, upgrade IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter to version 3.0.100 or higher. The service procedure can be found here: