Medium Severity

Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud


There are multiple security vulnerabilities that affect the IBM WebSphere Application Server in the IBM Cloud:

  • There is a file traversal vulnerability in the Admin Console of WebSphere Application Server.
  • There is a path traversal vulnerability in the Admin Console of WebSphere Application Server.
  • There is a Client-side HTTP parameter pollution vulnerability and a Cross-site scripting vulnerability in WebSphere Application Server Admin Console.
  • There is an information disclosure in WebSphere Application Server when using Security Auditing.
  • There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server.
  • There is an information disclosure in WebSphere Application Server ND.
  • There is an information disclosure and a bypass security vulnerability in WebSphere Application Server Liberty.
  • There is a potential information disclosure vulnerability in IBM WebSphere Application Server.
  • There are multiple vulnerabilities in the HTTP/2 implementation that is used by WebSphere Application Server Liberty. This affects the servlet-4.0 and servlet-3.1 features.
  • There is a potential denial of service in the Admin Console of WebSphere Application Server.
  • There is a denial of service vulnerability in WebSphere Application Server Liberty.
  • There is a man in the middle vulnerability in WebSphere Application Server Liberty.
  • There are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server.

Affected product(s) and affected version(s):

These vulnerabilities affect the following versions and releases of IBM WebSphere Application Server in IBM Cloud:

  • Liberty
  • Version 9.0
  • Version 8.5

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1127397
