What is the severity of CVE-2019-4270?

CVE-2019-4270 has a medium severity rating due to its potential for credential disclosure via cross-site scripting.

How do I fix CVE-2019-4270?

To fix CVE-2019-4270, you should apply the recommended patches or updates provided by IBM for the affected versions of WebSphere Application Server.

Which versions of WebSphere Application Server are affected by CVE-2019-4270?

CVE-2019-4270 affects IBM WebSphere Application Server versions 7.0.0.0 to 7.0.0.45, 8.0.0.0 to 8.0.0.15, 8.5.0.0 to 8.5.5.16, and 9.0.0.0 to 9.0.5.0.

What type of vulnerability is CVE-2019-4270?

CVE-2019-4270 is a cross-site scripting (XSS) vulnerability that allows arbitrary JavaScript code execution in the Web UI.

Can CVE-2019-4270 lead to serious security issues?

Yes, CVE-2019-4270 can lead to serious security issues, including unauthorized access to sensitive information through credential disclosure.

Vulnerability/
CVE-2019-4270

medium

5.4

CWE

17/9/2019

17/9/2024

CVE-2019-4270: XSS

First published: Tue Sep 17 2019(Updated: )

IBM WebSphere Application Server Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Application Server Feature Pack for Web Services	>=7.0.0.0<=7.0.0.45
IBM WebSphere Application Server Feature Pack for Web Services	>=8.0.0.0<=8.0.0.15
IBM WebSphere Application Server Feature Pack for Web Services	>=8.5.0.0<=8.5.5.16
IBM WebSphere Application Server Feature Pack for Web Services	>=9.0.0.0<=9.0.5.0

Remedy

https://www.ibm.com/support/pages/node/884036

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-884036

Frequently Asked Questions

What is the severity of CVE-2019-4270?
CVE-2019-4270 has a medium severity rating due to its potential for credential disclosure via cross-site scripting.
How do I fix CVE-2019-4270?
To fix CVE-2019-4270, you should apply the recommended patches or updates provided by IBM for the affected versions of WebSphere Application Server.
Which versions of WebSphere Application Server are affected by CVE-2019-4270?
CVE-2019-4270 affects IBM WebSphere Application Server versions 7.0.0.0 to 7.0.0.45, 8.0.0.0 to 8.0.0.15, 8.5.0.0 to 8.5.5.16, and 9.0.0.0 to 9.0.5.0.
What type of vulnerability is CVE-2019-4270?
CVE-2019-4270 is a cross-site scripting (XSS) vulnerability that allows arbitrary JavaScript code execution in the Web UI.
Can CVE-2019-4270 lead to serious security issues?
Yes, CVE-2019-4270 can lead to serious security issues, including unauthorized access to sensitive information through credential disclosure.

agent/references
agent/type
collector/ibm-support
source/IBM
agent/weakness
agent/remedy
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm websphere application server feature pack for web services
version/ibm websphere application server feature pack for web services/7.0.0.0
version/ibm websphere application server feature pack for web services/7.0.0.45
version/ibm websphere application server feature pack for web services/8.0.0.0
version/ibm websphere application server feature pack for web services/8.0.0.15
version/ibm websphere application server feature pack for web services/8.5.0.0
version/ibm websphere application server feature pack for web services/8.5.5.16
version/ibm websphere application server feature pack for web services/9.0.0.0
version/ibm websphere application server feature pack for web services/9.0.5.0