IBM WebSphere Application Server allows remote attackers

Overview :
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.
Affected Product(s) :
  • IBM WebSphere Application Server 7.0
  • IBM WebSphere Application Server 8.0
  • IBM WebSphere Application Server 8.5
  • IBM WebSphere Application Server 9.0
Vulnerability Details :
CVE ID : CVE-2019-4505
remote attacker to obtain sensitive information

Solution / Fixes : 

The recommended solution is to apply the interim fix, Fix Pack or PTF containing the APAR for each named product as soon as practical.

For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:

For V9.0.0.0 through 9.0.5.0:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH14796
–OR–
· Apply Fix Pack 9.0.5.1 or later (targeted availability 3Q2019).

For V8.5.0.0 through 8.5.5.16:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH14796
–OR–
· Apply Fix Pack 8.5.5.17 or later (targeted availability 1Q 2020).

For WebSphere Virtual Enterprise Edition:

For V7.0:
· Apply interim fix PH14796
