Vulnerability CVE-2019-4080


Published: 2019-04-02

Description:
IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.

Type:

CWE-400

(Uncontrolled Resource Consumption ('Resource Exhaustion'))

Vendor: IBM
Product: Websphere application server 
Version:
9.0.0.8
9.0.0.7
9.0.0.6
9.0.0.5
9.0.0.4
9.0.0.3
9.0.0.2
9.0.0.1
9.0.0.0
8.5.5.9
8.5.5.8
8.5.5.7
8.5.5.6
8.5.5.5
8.5.5.4
8.5.5.3
8.5.5.2
8.5.5.15
8.5.5.14
8.5.5.13
8.5.5.12
8.5.5.11
8.5.5.10
8.5.5.1
8.5.5.0
8.5.0.2
8.5.0.1
8.5.0.0
8.0.0.9
8.0.0.8
8.0.0.7
8.0.0.6
8.0.0.5
8.0.0.4
8.0.0.3
8.0.0.2
8.0.0.14
8.0.0.13
8.0.0.12
8.0.0.11
8.0.0.10
8.0.0.1
8.0.0.0
7.0.0.9
7.0.0.8
7.0.0.7
7.0.0.6
7.0.0.5
7.0.0.45
7.0.0.43
7.0.0.41
7.0.0.4
7.0.0.39
7.0.0.38
7.0.0.37
7.0.0.36
7.0.0.35
7.0.0.34
7.0.0.33
7.0.0.32
7.0.0.31
7.0.0.3
7.0.0.29
7.0.0.27
7.0.0.25
7.0.0.24
7.0.0.23
7.0.0.22
7.0.0.21
7.0.0.2
7.0.0.19
7.0.0.18
7.0.0.17
7.0.0.16
7.0.0.15
7.0.0.14
7.0.0.13
7.0.0.12
7.0.0.11
7.0.0.10
7.0.0.1
7.0.0.0

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://www.securityfocus.com/bid/107683
https://exchange.xforce.ibmcloud.com/vulnerabilities/157380
https://www.ibm.com/support/docview.wss?uid=ibm10875692

Related CVE
CVE-2019-4058
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570.
CVE-2019-4011
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...
CVE-2018-2005
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007
CVE-2019-4279
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.
CVE-2019-4119
IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145.
CVE-2019-4259
A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.
CVE-2019-4204
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l...
CVE-2018-1990
IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could allow an attacker to obtain sensitive configuration information using a specially crafted HTTP request. IBM X-Force ID: 154283.

Copyright 2019, cxsecurity.com

 

Back to Top