IBM Support

Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server can affect IBM SPSS Analytic Server (CVE-2019-4046)

Created by Prabha Dinu on
Published URL:
https://www.ibm.com/support/pages/node/1074290
1074290

Security Bulletin


Summary

There is a potential denial of service vulnerability in IBM WebSphere Application Server.

Vulnerability Details

CVEID: CVE-2019-4046
DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/156242 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

This vulnerability affects the following IBM SPSS Analytic Server versions:

  • 3.2.1

Remediation/Fixes

The recommended solution is to apply the interim fix, Fix Pack or PTF containing the APAR for each named product as soon as practical.

For WebSphere Application Server Liberty:

· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix  PH06340
--OR--
· Apply Fix Pack 19.0.0.4 or later (targeted availability 2Q 2019).

Get Notified about Future Security Bulletins

References

Off

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSWLVY","label":"IBM SPSS Analytic Server"},"ARM Category":[{"code":"a8m500000008igLAAQ","label":"Analytic Server"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2.1","Type":"MASTER"}]

Document Information

Modified date:
29 August 2022

UID

ibm11074290