There are multiple vulnerabilities in IBM® WebSphere Liberty, Version 8.5.5.8, used by IBM Tivoli Application Dependency Discovery Manager (TADDM).
CVEID: CVE-2019-4304
**DESCRIPTION:** IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160950 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Application Dependency Discovery Manager | 7.3.0 |
To fix this vulnerability, Liberty was upgraded from 8.5.5.8 to 20.0.0.1. This upgrade is now available as part of the TADDM 7.3.0.7 (TIV-ITADDM-FP0007) release.
To download the FixPack, please refer to the FixCentral link below:
Download Link: FixCentral
Fix | VRMF | APAR | How to acquire fix |
---|---|---|---|
efix_WLP_PSIRT_20001_FP5180802.zip | 7.3.0.5 | None | Download eFix |
efix_WLP_PSIRT_20001_FP6190313.zip | 7.3.0.6 | None | Download eFix |
Note:
For customers on TADDM FixPack 3 or FixPack 4, the recommendation is to either upgrade to the latest version, i.e. FP7, or upgrade to FP5/FP6 and then apply the eFix directly.