IBM WebSphere Application Server allows remote attackers

Overview :
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.
Affected Product(s) :
  • IBM WebSphere Application Server 7.0
  • IBM WebSphere Application Server 8.0
  • IBM WebSphere Application Server 8.5
  • IBM WebSphere Application Server 9.0
Vulnerability Details :
CVE ID : CVE-2019-4505
remote attacker to obtain sensitive information

Solution / Fixes : 

The recommended solution is to apply the interim fix, Fix Pack or PTF containing the APAR for each named product as soon as practical.

For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:

For V9.0.0.0 through 9.0.5.0:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH14796
–OR–
· Apply Fix Pack 9.0.5.1 or later (targeted availability 3Q2019).

For V8.5.0.0 through 8.5.5.16:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH14796
–OR–
· Apply Fix Pack 8.5.5.17 or later (targeted availability 1Q 2020).

For WebSphere Virtual Enterprise Edition:

For V7.0:
· Apply interim fix PH14796
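
The fix levels above can be turned into a triage check for a server inventory. The sketch below is an added example, not IBM code. It assumes the caller supplies each server's four-part version and a list of installed interim-fix identifiers; the edition labels `traditional` and `wve` and the inventory rows are constructed for illustration.

```python
APAR = "PH14796"  # interim fix named in the advisory

# First fix pack containing the fix, per stream, as quoted in the advisory
# for WebSphere Application Server traditional / Hypervisor Edition.
FIXED_IN = {(9, 0): (9, 0, 5, 1), (8, 5): (8, 5, 5, 17)}
# Listed as affected, but this page names no fix level for traditional.
NO_FIX_LISTED = {(7, 0), (8, 0)}


def parse_version(text):
    """Turn 'V.R.M.F' into a tuple of four ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected V.R.M.F, got {text!r}")
    return tuple(int(p) for p in parts)


def triage(version, ifixes=(), edition="traditional"):
    """Return (status, action) for one server.

    ifixes: installed interim-fix identifiers (assumption: any string
    that contains the APAR number counts as the fix being present).
    """
    v = parse_version(version)
    stream = v[:2]
    has_ifix = any(APAR in name for name in ifixes)
    if edition == "wve":  # WebSphere Virtual Enterprise: only V7.0 is listed
        if stream != (7, 0):
            return ("not-listed", "no guidance on this page")
        if has_ifix:
            return ("remediated", f"interim fix {APAR} installed")
        return ("vulnerable", f"apply interim fix {APAR}")
    if stream in FIXED_IN:
        fixed = FIXED_IN[stream]
        if has_ifix or v >= fixed:
            return ("remediated", "interim fix or fixed fix pack present")
        target = ".".join(map(str, fixed))
        return ("vulnerable", f"apply {APAR} or Fix Pack {target} or later")
    if stream in NO_FIX_LISTED:
        return ("affected", "listed as affected; no fix level on this page")
    return ("not-listed", "no guidance on this page")


# Constructed inventory rows: (host, version, installed ifixes, edition)
INVENTORY = [
    ("app01", "9.0.5.0", [], "traditional"),
    ("app02", "8.5.5.16", ["8.5.5.0-WS-WASProd-IFPH14796"], "traditional"),
    ("app03", "8.0.0.15", [], "traditional"),
    ("wve01", "7.0.0.6", [], "wve"),
]
REPORT = {host: triage(ver, fx, ed) for host, ver, fx, ed in INVENTORY}
```

The check does not model the minimal fix pack level that the interim fix itself requires, so a "vulnerable" result may still need a fix pack upgrade before PH14796 can be applied.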
