Executive Summary
Summary | |
---|---|
Title | Open Liberty 19.0.0.12 Runtime security update |
Information | |||
---|---|---|---|
Name | RHSA-2019:4117 | First vendor Publication | 2019-12-09 |
Vendor | RedHat | Last vendor Modification | 2019-12-09 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

A security update is now available for Open Liberty 19.0.0.12 from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the originating Security Bulletin link(s) in the References section.

2. Description:

Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices.

This release of Open Liberty 19.0.0.12 serves as a replacement for Open Liberty 19.0.0.11 and includes bug fixes, enhancements, and security fixes. For specific information about this release, see links in the References section.

Security Fix(es):

* Information disclosure vulnerability in WebSphere Application Server (CVE-2019-4441)
* Man in the middle vulnerability in WebSphere Application Server Liberty (CVE-2014-3603)
* (CVE-2019-4663)

For more details about the security issue(s), see the IBM Security Bulletin links for each CVE, listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

4. References:

https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=open.liberty&downloadType=distributions&version=19.0.0.12
https://www.ibm.com/support/pages/security-bulletin-information-disclosure-vulnerability-websphere-application-server-cve-2019-4441
https://www.ibm.com/support/pages/security-bulletin-man-middle-vulnerability-websphere-application-server-liberty-cve-2014-3603
https://access.redhat.com/articles/4544981

5. Contact:

The Red Hat security contact is

Copyright 2019 Red Hat, Inc.
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2019-4117.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-297 | Improper Validation of Host-specific Certificate Data |
50 % | CWE-209 | Information Exposure Through an Error Message |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-08-10 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2015-10175.nasl - Type : ACT_GATHER_INFO |
2015-08-10 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2015-10235.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2020-03-19 13:19:42 | |