CVE-2019-4304

IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.

Published: 2019-09-30 16:15
Updated: 2019-10-09 23:50

CVSS Score: 6.5 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| IBM | WebSphere Application Server | - | cpe:/a:ibm:websphere_application_server:-::~~liberty~~~ |
| IBM | WebSphere Application Server | 8.5.5.5 | cpe:/a:ibm:websphere_application_server:8.5.5.5::~~liberty~~~ |
| IBM | WebSphere Application Server | 8.5.5.6 | cpe:/a:ibm:websphere_application_server:8.5.5.6::~~liberty~~~ |
| IBM | WebSphere Application Server | 8.5.5.7 | cpe:/a:ibm:websphere_application_server:8.5.5.7::~~liberty~~~ |
| IBM | WebSphere Application Server | 8.5.5.8 | cpe:/a:ibm:websphere_application_server:8.5.5.8::~~liberty~~~ |
| IBM | WebSphere Application Server | 8.5.5.9 | cpe:/a:ibm:websphere_application_server:8.5.5.9::~~liberty~~~ |
| IBM | WebSphere Application Server | 8.5.5.13 | cpe:/a:ibm:websphere_application_server:8.5.5.13::~~liberty~~~ |
| IBM | WebSphere Application Server | 16.0.0.2 | cpe:/a:ibm:websphere_application_server:16.0.0.2::~~liberty~~~ |
| IBM | WebSphere Application Server | 16.0.0.3 | cpe:/a:ibm:websphere_application_server:16.0.0.3::~~liberty~~~ |
| IBM | WebSphere Application Server | 16.0.0.4 | cpe:/a:ibm:websphere_application_server:16.0.0.4::~~liberty~~~ |
| IBM | WebSphere Application Server | 17.0.0.1 | cpe:/a:ibm:websphere_application_server:17.0.0.1::~~liberty~~~ |
| IBM | WebSphere Application Server | 17.0.0.2 | cpe:/a:ibm:websphere_application_server:17.0.0.2::~~liberty~~~ |
| IBM | WebSphere Application Server | 17.0.0.3 | cpe:/a:ibm:websphere_application_server:17.0.0.3::~~liberty~~~ |
| IBM | WebSphere Application Server | 17.0.0.4 | cpe:/a:ibm:websphere_application_server:17.0.0.4::~~liberty~~~ |
| IBM | WebSphere Application Server | 18.0.0.1 | cpe:/a:ibm:websphere_application_server:18.0.0.1::~~liberty~~~ |
| IBM | WebSphere Application Server | 18.0.0.2 | cpe:/a:ibm:websphere_application_server:18.0.0.2::~~liberty~~~ |
| IBM | WebSphere Application Server | 18.0.0.3 | cpe:/a:ibm:websphere_application_server:18.0.0.3::~~liberty~~~ |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-384 | Session Fixation | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |

History of changes

| Date | Event |
|---|---|
| 2019-10-01 14:25 | |
| 2019-09-30 16:15 | New CVE |