What is the severity of CVE-2019-4442?

CVE-2019-4442 has been assigned a high severity level due to its potential for remote file system traversal attacks.

How do I fix CVE-2019-4442?

To fix CVE-2019-4442, upgrade your IBM WebSphere Application Server to a version that is not vulnerable, specifically above the affected versions.

Which versions of IBM WebSphere Application Server are affected by CVE-2019-4442?

CVE-2019-4442 affects IBM WebSphere Application Server versions 7.0 through 9.0, specifically up to version 9.0.5.1.

What kind of attacks can exploit CVE-2019-4442?

CVE-2019-4442 can be exploited by remote attackers using specially-crafted URL requests to traverse directories on the file system.

Is file content exposed through CVE-2019-4442?

No, CVE-2019-4442 allows viewing of file names and paths without exposing the actual content of the files.

Vulnerability/
CVE-2019-4442

medium

4.3

CWE

17/9/2019

16/9/2024

CVE-2019-4442: Path Traversal

First published: Tue Sep 17 2019(Updated: )

IBM WebSphere Application Server could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Application Server Feature Pack for Web Services	>=7.0.0.0<=7.0.0.45
IBM WebSphere Application Server Feature Pack for Web Services	>=8.0.0.0<=8.0.0.15
IBM WebSphere Application Server Feature Pack for Web Services	>=8.5.0.0<=8.5.5.16
IBM WebSphere Application Server Feature Pack for Web Services	>=9.0.0.0<=9.0.5.1

Remedy

https://www.ibm.com/support/pages/node/959021

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-959021

Frequently Asked Questions

What is the severity of CVE-2019-4442?
CVE-2019-4442 has been assigned a high severity level due to its potential for remote file system traversal attacks.
How do I fix CVE-2019-4442?
To fix CVE-2019-4442, upgrade your IBM WebSphere Application Server to a version that is not vulnerable, specifically above the affected versions.
Which versions of IBM WebSphere Application Server are affected by CVE-2019-4442?
CVE-2019-4442 affects IBM WebSphere Application Server versions 7.0 through 9.0, specifically up to version 9.0.5.1.
What kind of attacks can exploit CVE-2019-4442?
CVE-2019-4442 can be exploited by remote attackers using specially-crafted URL requests to traverse directories on the file system.
Is file content exposed through CVE-2019-4442?
No, CVE-2019-4442 allows viewing of file names and paths without exposing the actual content of the files.

agent/references
agent/type
collector/ibm-support
source/IBM
agent/weakness
agent/remedy
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm websphere application server feature pack for web services
version/ibm websphere application server feature pack for web services/7.0.0.0
version/ibm websphere application server feature pack for web services/7.0.0.45
version/ibm websphere application server feature pack for web services/8.0.0.0
version/ibm websphere application server feature pack for web services/8.0.0.15
version/ibm websphere application server feature pack for web services/8.5.0.0
version/ibm websphere application server feature pack for web services/8.5.5.16
version/ibm websphere application server feature pack for web services/9.0.0.0
version/ibm websphere application server feature pack for web services/9.0.5.1