IBM WebSphere could expose sensitive information - Kubernetes WAF | K8 Web Application Firewall | k8 Microservices Security

Common Vulnerabilities and Exposures

IBM WebSphere could expose sensitive information

October 1, 2019

Overview :

Multiple vulnerabilities in IBM WebSphere eXtreme Scale Client could expose sensitive information.

Affected Product(s) :

WebSphere eXtreme Scale 8.6

Vulnerability Details :

CVE ID :	CVE-2019-4106
	IBM WebSphere Extreme Scale Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. CVSS Base Score: 4.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158099 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
CVE ID :	CVE-2019-4109
	IBM WebSphere Extreme Scale Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. CVSS Base Score: 6.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158102 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE ID :	CVE-2019-4112
	IBM WebSphere Extreme Scale Admin Console allows web pages to be stored locally which can be read by another user on the system. CVSS Base Score: 4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158105 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVE ID :	CVE-2019-4115
	IBM WebSphere Extreme Scale Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. CVSS Base Score: 5.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158113 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Solution :

Product	VRMF	APAR	Remediation/First Fix
WebSphere eXtreme Scale	8.6.1.3	PH16881	Recommended Fixes page for WebSphere eXtreme Scale.

CVE-2019-4106 CVE-2019-4109 CVE-2019-4112 CVE-2019-4115 WebSphere eXtreme Scale 8.6

Advanced Machine Learning Based Cloud Security Solution

The Prophaze WAF can be deployed in any Public cloud such as AWS, GCP, Azure, Digital Ocean and on Private Cloud instance like Microk8s

100%

The security of your details is important to us. Prophaze Technologies collects a variety of data that you provide directly to us. The types of data we gather will depend upon the services you use, how you use them, and what you choose to provide. We process your details when necessary to provide you with the services that you have requested when accepting our Terms of Services or when we have the legitimate interest(security, testing, analytics, and so on) to do so please checkout our page.

Demo Request Form

Overlay Image

100% Advanced Machine Learning Based Bot Management Solution

Demo Request Form