WebSphere Application Server
Description
WebSphere Application Server
Product names
websphere_application_server, WebSphere Application Server
Related organization
CVE-2022-22475 (GCVE-0-2022-22475)
Vulnerability from – Published: 2022-05-17 16:25 – Updated: 2024-09-17 00:11
VLAI?
Summary
IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server Liberty |
Affected:
17.0.0.3
Affected: 22.0.0.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6586734"
},
{
"name": "ibm-websphere-cve202222475-spoofing (225603)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225603"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Application Server Liberty",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "17.0.0.3"
},
{
"status": "affected",
"version": "22.0.0.5"
}
]
}
],
"datePublic": "2022-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:L/C:L/AV:N/I:L/A:L/AC:H/UI:N/S:U/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-24T18:26:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6586734"
},
{
"name": "ibm-websphere-cve202222475-spoofing (225603)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225603"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-05-16T00:00:00",
"ID": "CVE-2022-22475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server Liberty",
"version": {
"version_data": [
{
"version_value": "17.0.0.3"
},
{
"version_value": "22.0.0.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "H",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6586734",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6586734 (WebSphere Application Server Liberty)",
"url": "https://www.ibm.com/support/pages/node/6586734"
},
{
"name": "ibm-websphere-cve202222475-spoofing (225603)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225603"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22475",
"datePublished": "2022-05-17T16:25:23.272726Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:11:45.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1320 (GCVE-0-2011-1320)
Vulnerability from – Published: 2011-03-08 21:00 – Updated: 2024-09-17 00:06
VLAI?
Summary
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PM21536",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM21536"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-08T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "PM21536",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM21536"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM21536",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM21536"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1320",
"datePublished": "2011-03-08T21:00:00Z",
"dateReserved": "2011-03-08T00:00:00Z",
"dateUpdated": "2024-09-17T00:06:59.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0563 (GCVE-0-2010-0563)
Vulnerability from – Published: 2010-02-08 21:00 – Updated: 2024-09-17 00:02
VLAI?
Summary
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:19.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1023551",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21417839"
},
{
"name": "PM00610",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610"
},
{
"name": "38122",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38122"
},
{
"name": "38425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38425"
},
{
"name": "62140",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-08T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1023551",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21417839"
},
{
"name": "PM00610",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610"
},
{
"name": "38122",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38122"
},
{
"name": "38425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38425"
},
{
"name": "62140",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023551",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023551"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21417839",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21417839"
},
{
"name": "PM00610",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610"
},
{
"name": "38122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38122"
},
{
"name": "38425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38425"
},
{
"name": "62140",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0563",
"datePublished": "2010-02-08T21:00:00Z",
"dateReserved": "2010-02-08T00:00:00Z",
"dateUpdated": "2024-09-17T00:02:32.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0462 (GCVE-0-2013-0462)
Vulnerability from – Published: 2013-01-27 18:00 – Updated: 2024-09-16 23:45
VLAI?
Summary
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:10.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-27T18:00:00Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0462",
"datePublished": "2013-01-27T18:00:00Z",
"dateReserved": "2012-12-16T00:00:00Z",
"dateUpdated": "2024-09-16T23:45:54.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4163 (GCVE-0-2020-4163)
Vulnerability from – Published: 2020-02-04 16:45 – Updated: 2024-09-16 23:45
VLAI?
Summary
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1288786"
},
{
"name": "ibm-websphere-cve20204163-code-exec (174397)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2020-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/A:H/I:H/UI:N/C:H/PR:H/S:U/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T16:45:38",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1288786"
},
{
"name": "ibm-websphere-cve20204163-code-exec (174397)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174397"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-03T00:00:00",
"ID": "CVE-2020-4163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "H",
"I": "H",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1288786",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1288786 (WebSphere Application Server)",
"url": "https://www.ibm.com/support/pages/node/1288786"
},
{
"name": "ibm-websphere-cve20204163-code-exec (174397)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174397"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4163",
"datePublished": "2020-02-04T16:45:38.204336Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T23:45:27.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4163 (GCVE-0-2020-4163)
Vulnerability from – Published: 2020-02-04 16:45 – Updated: 2024-09-16 23:45
VLAI?
Summary
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1288786"
},
{
"name": "ibm-websphere-cve20204163-code-exec (174397)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2020-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/A:H/I:H/UI:N/C:H/PR:H/S:U/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T16:45:38",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1288786"
},
{
"name": "ibm-websphere-cve20204163-code-exec (174397)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174397"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-03T00:00:00",
"ID": "CVE-2020-4163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "H",
"I": "H",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1288786",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1288786 (WebSphere Application Server)",
"url": "https://www.ibm.com/support/pages/node/1288786"
},
{
"name": "ibm-websphere-cve20204163-code-exec (174397)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174397"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4163",
"datePublished": "2020-02-04T16:45:38.204336Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T23:45:27.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4442 (GCVE-0-2019-4442)
Vulnerability from – Published: 2019-09-17 19:05 – Updated: 2024-09-16 23:35
VLAI?
Summary
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/959021"
},
{
"name": "ibm-websphere-cve20194442-info-disc (163226)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163226"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2019-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:L/I:N/C:L/AV:N/S:U/AC:L/A:N/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:05:24",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/959021"
},
{
"name": "ibm-websphere-cve20194442-info-disc (163226)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163226"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-09-16T00:00:00",
"ID": "CVE-2019-4442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/959021",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 959021 (WebSphere Application Server)",
"url": "https://www.ibm.com/support/pages/node/959021"
},
{
"name": "ibm-websphere-cve20194442-info-disc (163226)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163226"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4442",
"datePublished": "2019-09-17T19:05:24.079821Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:35:46.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4442 (GCVE-0-2019-4442)
Vulnerability from – Published: 2019-09-17 19:05 – Updated: 2024-09-16 23:35
VLAI?
Summary
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/959021"
},
{
"name": "ibm-websphere-cve20194442-info-disc (163226)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163226"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2019-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:L/I:N/C:L/AV:N/S:U/AC:L/A:N/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:05:24",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/959021"
},
{
"name": "ibm-websphere-cve20194442-info-disc (163226)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163226"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-09-16T00:00:00",
"ID": "CVE-2019-4442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/959021",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 959021 (WebSphere Application Server)",
"url": "https://www.ibm.com/support/pages/node/959021"
},
{
"name": "ibm-websphere-cve20194442-info-disc (163226)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163226"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4442",
"datePublished": "2019-09-17T19:05:24.079821Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:35:46.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4285 (GCVE-0-2019-4285)
Vulnerability from – Published: 2019-07-30 13:25 – Updated: 2024-09-16 23:32
VLAI?
Summary
IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
Liberty
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10884064"
},
{
"name": "ibm-websphere-cve20194285-clickjacking (160513)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160513"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "Liberty"
}
]
}
],
"datePublic": "2019-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim\u0027s click actions or launch other client-side browser attacks. IBM X-Force ID: 160513."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/PR:L/I:L/UI:R/AV:N/C:L/S:C/A:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-30T13:25:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10884064"
},
{
"name": "ibm-websphere-cve20194285-clickjacking (160513)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160513"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-07-25T00:00:00",
"ID": "CVE-2019-4285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "Liberty"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim\u0027s click actions or launch other client-side browser attacks. IBM X-Force ID: 160513."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10884064",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 884064 (WebSphere Application Server)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10884064"
},
{
"name": "ibm-websphere-cve20194285-clickjacking (160513)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160513"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4285",
"datePublished": "2019-07-30T13:25:14.902606Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:32:03.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4285 (GCVE-0-2019-4285)
Vulnerability from – Published: 2019-07-30 13:25 – Updated: 2024-09-16 23:32
VLAI?
Summary
IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
Liberty
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10884064"
},
{
"name": "ibm-websphere-cve20194285-clickjacking (160513)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160513"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "Liberty"
}
]
}
],
"datePublic": "2019-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim\u0027s click actions or launch other client-side browser attacks. IBM X-Force ID: 160513."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/PR:L/I:L/UI:R/AV:N/C:L/S:C/A:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-30T13:25:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10884064"
},
{
"name": "ibm-websphere-cve20194285-clickjacking (160513)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160513"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-07-25T00:00:00",
"ID": "CVE-2019-4285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "Liberty"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim\u0027s click actions or launch other client-side browser attacks. IBM X-Force ID: 160513."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10884064",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 884064 (WebSphere Application Server)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10884064"
},
{
"name": "ibm-websphere-cve20194285-clickjacking (160513)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160513"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4285",
"datePublished": "2019-07-30T13:25:14.902606Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:32:03.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
displaying 131 - 140 organizations in total 560