CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
9.0%
IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting with the servlet-6.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Test Management, IBM Engineering Workflow Management, Global Configuration Management, IBM Engineering Requirements Management DOORS Next.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
IBM Engineering Workflow Management | 7.0.2 |
Global Configuration Management | |
IBM Engineering Test Management | |
IBM Engineering Requirements Management DOORS Next | |
Jazz Foundation | |
IBM Engineering Workflow Management | 7.0.3 |
Global Configuration Management | |
IBM Engineering Test Management | |
IBM Engineering Requirements Management DOORS Next | |
Jazz Foundation |
IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH60149.
If any of the mentioned affected product is deployed on one of the above versions, Please follow the instruction given in the following article.
Link: <https://www.ibm.com/support/pages/node/7145231>
Affected features: servlet-6.0
Affected releases: This affects WebSphere Application Server Liberty versions 23.0.0.3 - 24.0.0.3
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | ibm_engineering_lifecycle_management_base | 702 | cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:702:*:*:*:*:*:*:* |
ibm | ibm_engineering_lifecycle_management_base | 703 | cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:703:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
9.0%