Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFDC641C0804925381C34E89BAB9AC2820E5158B5CCA56AAA92917E7D2C9F10A1
HistorySep 25, 2019 - 6:39 p.m.

Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment could expose sensitive information(CVE-2019-4106, CVE-2019-4109, CVE-2019-4112, CVE-2019-4115)

2019-09-2518:39:03
www.ibm.com
15

EPSS

0.001

Percentile

40.1%

JSON

Summary

Multiple vulnerabilities in IBM WebSphere eXtreme Scale Client could expose sensitive information.

Vulnerability Details

CVEID: CVE-2019-4106 DESCRIPTION: IBM WebSphere Extreme Scale Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 4.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158099&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-4109 DESCRIPTION: IBM WebSphere Extreme Scale Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158102&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-4112 DESCRIPTION: IBM WebSphere Extreme Scale Admin Console allows web pages to be stored locally which can be read by another user on the system.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158105&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-4115 DESCRIPTION: IBM WebSphere Extreme Scale Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158113&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

WebSphere eXtreme Scale 8.6

Remediation/Fixes

Product VRMF APAR Remediation/First Fix
WebSphere eXtreme Scale 8.6.1.3 PH16881 Recommended Fixes page for WebSphere eXtreme Scale.

Workarounds and Mitigations

There are no workarounds. A fix must be applied to correct the problem.

Related

prion 4
cvelist 4
nvd 4
cve 4
prion
prion
Code injection
2019-09-30 16:15:00
Cross site scripting
2019-09-30 16:15:00
Cross site scripting
2019-09-30 16:15:00
cvelist
cvelist
CVE-2019-4112
2019-09-30 15:20:30
CVE-2019-4106
2019-09-30 15:20:29
CVE-2019-4109
2019-09-30 15:20:29
nvd
nvd
CVE-2019-4112
2019-09-30 16:15:11
CVE-2019-4115
2019-09-30 16:15:11
CVE-2019-4106
2019-09-30 16:15:11
cve
cve
CVE-2019-4112
2019-09-30 16:15:11
CVE-2019-4115
2019-09-30 16:15:11
CVE-2019-4109
2019-09-30 16:15:11

EPSS

0.001

Percentile

40.1%

JSON
Related for FDC641C0804925381C34E89BAB9AC2820E5158B5CCA56AAA92917E7D2C9F10A1
prion4cvelist4nvd4cve4