IBM WebSphere Application Server Liberty 跨站脚本漏洞

CNNVD-ID编号	CNNVD-201912-314
CVE编号	CVE-2019-4663
发布时间	2019-12-09
更新时间	2021-01-21
漏洞类型	跨站脚本
漏洞来源	N/A
危险等级	中危
威胁类型	远程
厂商	N/A

漏洞介绍

IBM WebSphere Application Server Liberty是美国IBM公司的一款构建于Open Liberty项目之上的Java应用程序服务器。

IBM WebSphere Application Server Liberty 17.0.0.3版本至19.0.0.11版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞在Web UI中注入任意JavaScript代码。

漏洞补丁

目前厂商已发布升级了IBM WebSphere Application Server Liberty 跨站脚本漏洞的补丁，IBM WebSphere Application Server Liberty 跨站脚本漏洞的补丁获取链接：

https://www.ibm.com/support/pages/node/1127367

参考网址

来源:XF

链接：https://exchange.xforce.ibmcloud.com/vulnerabilities/171245
来源:CONFIRM

链接：https://www.ibm.com/support/pages/node/1127367
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1284280
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1274596
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1284274
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/2895177
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1126605
来源:www.us-cert.gov

链接：https://www.us-cert.gov/ics/advisories/icsa-19-346-01
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1019/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-websphere-liberty-server-shipped-with-ibm-global-mailbox/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-vulnerabilities-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-4663-and-cve-2019-4720/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4665/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-liberty-affects-ibm-waston-machine-learning-accelerator/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-cve-2019-4663-2/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4596/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0322/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2019-4663/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-open-redirection-vulnerabilities-arise-when-an-application-incorporates-user-controllable-data-into-the-target-of-a-redirection-in/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0592/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2019-4663/
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1127367
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-cve-2019-4663/
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2019-4663
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/WebSphere-AS-Liberty-Cross-Site-Scripting-via-Web-UI-31131

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201912-314