First published: Wed Sep 18 2019
IBM WebSphere Application Server Network Deployment could allow a remote attacker to obtain sensitive information by sending a specially crafted URL. This can allow the attacker to view any file in a certain directory.
Credit: psirt@us.ibm.com
Affected Software | Affected Version |
---|---|
IBM WebSphere Application Server | >=8.5.0.0, <=8.5.5.16 |
IBM WebSphere Application Server | >=9.0.0.0, <=9.0.5.0 |
IBM WebSphere Virtual Enterprise | =7.0 |
IBM WebSphere Virtual Enterprise | =8.0 |
The vulnerability ID is CVE-2019-4505.
The severity of CVE-2019-4505 is medium with a CVSS score of 5.3.
The affected software is IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 Network Deployment, as well as IBM WebSphere Virtual Enterprise versions 7.0 and 8.0.
A remote attacker can exploit CVE-2019-4505 by sending a specially-crafted URL, which allows them to obtain sensitive information and view files in a certain directory.
You can find more information about CVE-2019-4505 under IBM X-Force ID 164364 and on the IBM Support pages.