IBM WebSphere Application Multiple Vulnerabilities

Last Update Date: 16 Dec 2019 10:26 Release Date: 16 Dec 2019 5444 Views

RISK: Medium Risk

TYPE: Servers - Internet App Servers

Multiple vulnerabilities were identified in IBM WebSphere Application Server, a remote attacker could exploit some of these vulnerabilities to trigger denial of service, remote code execution, obtain sensitive information, cross-site scripting and bypass security restriction on the targeted system.

Impact

Cross-Site Scripting
Denial of Service
Remote Code Execution
Security Restriction Bypass
Information Disclosure

System / Technologies affected

IBM WebSphere Application Server Liberty 17.0.0.3 - 19.0.0.11
IBM SDK, Java Technology Editions used with IBM WebSphere Application Server Traditional Version 8.5.0.0 - 8.5.5.16 and 9.0.0.0 - 9.0.5.1
IBM SDK, Java Technology Editions shipped in Application Client for IBM WebSphere Application Server Version 8.5.0.0 - 8.5.5.16 and 9.0.0.0 - 9.0.5.1

For other IBM products, please refer to the "Related Link" session below.

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:
https://www.ibm.com/support/pages/node/1126887
https://www.ibm.com/support/pages/node/1127367
https://www.ibm.com/support/pages/node/1127589
https://www.ibm.com/support/pages/node/1127853
https://www.ibm.com/support/pages/node/1128321
https://www.ibm.com/support/pages/node/1128543
https://www.ibm.com/support/pages/node/1135210

Vulnerability Identifier

CVE-2015-7450
CVE-2018-1996
CVE-2019-17631
CVE-2019-2894
CVE-2019-2933
CVE-2019-2945
CVE-2019-2958
CVE-2019-2962
CVE-2019-2964
CVE-2019-2973
CVE-2019-2975
CVE-2019-2977
CVE-2019-2978
CVE-2019-2981
CVE-2019-2983
CVE-2019-2987
CVE-2019-2988
CVE-2019-2989
CVE-2019-2992
CVE-2019-2996
CVE-2019-2999
CVE-2019-4305
CVE-2019-4441
CVE-2019-4663
CVE-2019-9512
CVE-2019-9513
CVE-2019-9514
CVE-2019-9515
CVE-2019-9517
CVE-2019-9518

Source

AusCERT