Vulnerability Name: | CVE-2019-4046 (CCN-156242) |
Assigned: | 2019-03-21 |
Published: | 2019-03-21 |
Updated: | 2022-12-03 |
Summary: | |
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): High |
5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): High |
|
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Partial |
5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Complete |
|
Vulnerability Consequences: | Denial of Service |
References: | Source: MITRE Type: CNA CVE-2019-4046
Source: CCN Type: IBM Security Bulletin 879433 (Voice Gateway) Security vulnerability in IBM WebSphere Application Server affects IBM Voice Gateway
Source: CCN Type: IBM Security Bulletin 879903 (Spectrum Control Standard Edition) Potential denial of service vulnerability in WebSphere Application Server which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4046)
Source: CCN Type: IBM Security Bulletin 880989 (Content Collector) Content Collector for Email is affected by a WebSphere App Server - Out of Memory Exception can cause DOS
Source: CCN Type: IBM Security Bulletin 882816 (Liberty for Java for Bluemix) Potential denial of service vulnerability in Liberty for Java for IBM Cloud (CVE-2019-4046)
Source: CCN Type: IBM Security Bulletin 884082 (Spectrum Protect) Spoofing and denial of service vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Client web user interface and IBM Spectrum Protect for Virtual Environments (CVE-2018-1902, CVE-2019-4046)
Source: CCN Type: IBM Security Bulletin 884206 (MessageSight) IBM MessageSight/MessageGateway is affected by the following WebSphere Application Server vulnerability
Source: CCN Type: IBM Security Bulletin 884290 (Cloud Transformation Advisor) IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4046)
Source: CCN Type: IBM Security Bulletin 884642 (Spectrum Protect Snapshot) Spoofing and denial of service vulnerabilities in WebSphere Application Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-1902, CVE-2019-4046)
Source: CCN Type: IBM Security Bulletin 957781 (Security Privileged Identity Manager) IBM Security Privileged Identity Manager is affected by multiple vulnerabilities
Source: CCN Type: IBM Security Bulletin 958077 (Security Identity Manager) IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2018-1902, CVE-2018-1968, CVE-2019-4046)
Source: CCN Type: IBM Security Bulletin 958773 (Rational Asset Analyzer) Rational Asset Analyzer (RAA) is affected by a WAS vulnerability.
Source: CCN Type: IBM Security Bulletin 960854 (Security Directory Suite) IBM Security Directory Suite is affected by multiple vulnerabilities (CVE-2018-1902, CVE-2019-4046)
Source: CCN Type: IBM Security Bulletin 967335 (License Metric Tool) A vulnerability in IBM WebSphere Application Server Liberty affects IBM License Metric Tool v9 (CVE-2019-4046).
Source: CCN Type: IBM Security Bulletin 967469 (Security Privileged Identity Manager) IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities
Source: psirt@us.ibm.com Type: VDB Entry, Third Party Advisory psirt@us.ibm.com
Source: psirt@us.ibm.com Type: VDB Entry, Vendor Advisory psirt@us.ibm.com
Source: XF Type: UNKNOWN ibm-websphere-cve20194046-dos(156242)
Source: CCN Type: IBM Security Bulletin 869570 (WebSphere Application Server) Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046)
Source: psirt@us.ibm.com Type: Patch, Vendor Advisory psirt@us.ibm.com
Source: CCN Type: IBM Security Bulletin 870320 (WebSphere Application Server in Cloud) Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud
Source: CCN Type: IBM Security Bulletin 879109 (WebSphere Application Server for IBM Cloud Private VM Quickstarter) Multiple Security Vulnerabilities Affect IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter
Source: CCN Type: IBM Security Bulletin 884724 (Planning Analytics) Multiple vulnerabilities affect IBM Planning Analytics
Source: CCN Type: IBM Security Bulletin 886145 (MobileFirst Platform Foundation) WebSphere App Server - Out of Memory Exception can cause DOS
Source: CCN Type: IBM Security Bulletin 888065 (Event Streams) IBM Event Streams is affected by WebSphere Liberty Profile vulnerability CVE-2019-4046
Source: CCN Type: IBM Security Bulletin 888617 (Sterling B2B Integrator) IBM WebSphere Application Server Security Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4046, CVE-2018-1902, CVE-2018-10237)
Source: CCN Type: IBM Security Bulletin 957743 (Spectrum Scale) A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale (CVE-2019-4046)
Source: CCN Type: IBM Security Bulletin 958175 (Rational License Key Server) Multiple Security Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM License Key Server Administration & Reporting Tool and Agent
Source: CCN Type: IBM Security Bulletin 958929 (Watson Compare and Comply for IBM Cloud Private for Data) Vulnerabilities in Eclipse OpenJ9, Oracle Java SE, and IBM WebSphere Application Server affect IBM Watson Compare and Comply for IBM Cloud Private for Data
Source: CCN Type: IBM Security Bulletin 959563 (Elastic Storage Server) A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2019-4046)
Source: CCN Type: IBM Security Bulletin 967651 (Cloud App Management) A vulnerability in IBM Websphere Application Server affects IBM Cloud App Management
Source: CCN Type: IBM Security Bulletin 1074290 (SPSS Analytic Server) Potential denial of service vulnerability in WebSphere Application Server can affect IBM SPSS Analytic Server (CVE-2019-4046)
Source: CCN Type: IBM Security Bulletin 1076589 (Security Access Manager Appliance) IBM Security Access Manager Appliance has shipped a security vulnerability fix for WebSphere Application Server (CVE-2019-4046)
Source: CCN Type: IBM Security Bulletin 1135354 (Tivoli Monitoring V6) Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server
Source: CCN Type: IBM Security Bulletin 1138588 (Cognos Analytics) IBM Cognos Analytics has addressed multiple vulnerabilties
Source: CCN Type: IBM Security Bulletin 1142626 (Cognos Business Intelligence) IBM Cognos Business Intelligence has addressed multiple vulnerabilties
Source: CCN Type: IBM Security Bulletin 1150936 (Integration Bus) IBM Integration Bus & IBM App Connect Enterprise are affected by a Websphere Application Server Vulnerability (CVE-2019-4046)
Source: CCN Type: IBM Security Bulletin 1150948 (WebSphere Message Broker) WebSphere Message Broker is affected by a Websphere Application Server Vulnerability (CVE-2019-4046)
Source: CCN Type: IBM Security Bulletin 1284802 (Cognos Controller) IBM Cognos Controller 2020Q1 Security Updater: Multiple Security Vulnerabilities have been identified in IBM Cognos Controller
Source: CCN Type: IBM Security Bulletin 6242192 (Streams) IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers.
Source: CCN Type: IBM Security Bulletin 1072104 (Cloud Application Performance Management) A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2019-4046)
|
Vulnerable Configuration: | Configuration CCN 1:
cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*
AND cpe:/a:ibm:integration_bus:9.0.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_message_broker:8:*:*:*:*:*:*:*
OR cpe:/a:ibm:content_collector:4:*:*:*:*:*:*:*
OR cpe:/a:ibm:cognos_business_intelligence:10.2.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:messagesight:1.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_monitoring:6.3.0.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_monitoring:6.3.0.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_monitoring:6.3.0.4:*:*:*:*:*:*:*
OR cpe:/a:ibm:license_metric_tool:9.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:mobilefirst_platform_foundation:7.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.2.1:*:standard:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.2.8:*:standard:*:*:*:*:*
OR cpe:/a:ibm:watson_developer_cloud:-:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_monitoring:6.3.0.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_monitoring:6.3.0.6:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.2.11:*:standard:*:*:*:*:*
OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*
OR cpe:/a:ibm:cognos_analytics:11.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:security_directory_suite:8.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_license_key_server:8.1.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_protect:8.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.2.12:*:standard:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.2.13:*:standard:*:*:*:*:*
OR cpe:/a:ibm:spectrum_scale:4.2.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.2.14:*:standard:*:*:*:*:*
OR cpe:/a:ibm:rational_license_key_server:8.1.5.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_license_key_server:8.1.5.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:planning_analytics:2.0.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_scale:5.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.2.15:*:standard:*:*:*:*:*
OR cpe:/a:ibm:cognos_controller:10.3.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.2.16:*:standard:*:*:*:*:*
OR cpe:/a:ibm:rational_license_key_server:8.1.5.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.2.10.1:*:standard:*:*:*:*:*
OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.2.15.2:*:standard:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.2.17.0:*:standard:*:*:*:*:*
OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:planning_analytics:2.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:planning_analytics:2.0.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:planning_analytics:2.0.4:*:*:*:*:*:*:*
OR cpe:/a:ibm:planning_analytics:2.0.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:cognos_controller:10.3.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:*
OR cpe:/a:ibm:integration_bus:9.0.0.11:*:*:*:*:*:*:*
OR cpe:/a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:elastic_storage_server:4.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:elastic_storage_server:4.0.6:*:*:*:*:*:*:*
OR cpe:/a:ibm:elastic_storage_server:4.5.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:elastic_storage_server:4.6.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:elastic_storage_server:5.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_app_management:2018.2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:event_streams:2018.3.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_license_key_server:8.1.5.4:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_license_key_server:8.1.5.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:security_identity_manager:7.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.2.17.1:*:standard:*:*:*:*:*
OR cpe:/a:ibm:cloud_transformation_advisor:1.8.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:event_streams:2018.3.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:security_privileged_identity_manager:2.1.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_license_key_server:8.1.5.6:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_application_performance_management:8.1.4:*:*:*:*:advanced_private:*:*
OR cpe:/a:ibm:websphere_application_server:2:*:*:*:*:cloud_private_vm_quickstarter:*:*
OR cpe:/a:ibm:planning_analytics:2.0.6:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_application_server:2.0:*:*:*:*:cloud_private_vm_quickstarter:*:*
OR cpe:/a:ibm:cloud_app_management:2018.4.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_app_management:2018.4.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_license_key_server:8.1.6:*:*:*:*:*:*:*
OR cpe:/a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:messagesight:5.0.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:messagesight:5.0.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_app_management:2019.2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:voice_gateway:1.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:event_streams:2019.1.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.20:*:*:*:*:*:*:*
OR cpe:/a:ibm:elastic_storage_server:5.3.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:watson_compare_&_comply:1.1.3:*:cloud_private:*:data:*:*:*
OR cpe:/a:ibm:watson_compare_&_comply:1.1.4:*:cloud_private:*:data:*:*:*
OR cpe:/a:ibm:planning_analytics:2.0.7:*:*:*:*:*:*:*
OR cpe:/a:ibm:sterling_b2b_integrator:6.0.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_app_management:2018.2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_app_management:2018.4.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_app_management:2018.4.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_app_management:2019.2.0:*:*:*:*:*:*:*
OR cpe:/o:ibm:security_access_manager_appliance_firmware:8.0.1:*:*:*:*:*:*:*
OR cpe:/h:ibm:security_access_manager_appliance:9.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:cognos_analytics:11.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:app_connect:11.0.0.5:*:*:*:enterprise:*:*:*
OR cpe:/a:ibm:integration_bus:10.0.0.17:*:*:*:*:*:*:*
ibm websphere application server 7.0
ibm websphere application server 8.0
ibm websphere application server 8.5
ibm websphere application server 9.0
ibm websphere application server *
ibm integration bus 9.0.0.0
ibm sterling b2b integrator *
ibm websphere message broker 8
ibm content collector 4
ibm cognos business intelligence 10.2.2
ibm messagesight 1.2
ibm tivoli monitoring 6.3.0.2
ibm tivoli monitoring 6.3.0.3
ibm tivoli monitoring 6.3.0.4
ibm license metric tool 9.2
ibm security privileged identity manager 2.0.2
ibm mobilefirst platform foundation 7.1
ibm spectrum control 5.2.1
ibm spectrum control 5.2.8
ibm watson developer cloud -
ibm tivoli monitoring 6.3.0.5
ibm tivoli monitoring 6.3.0.6
ibm spectrum control 5.2.11
ibm tivoli monitoring 6.3.0.7
ibm cognos analytics 11.0
ibm security directory suite 8.0.1
ibm rational license key server 8.1.5
ibm spectrum protect 8.1
ibm spectrum control 5.2.12
ibm spectrum control 5.2.13
ibm spectrum scale 4.2.3
ibm spectrum control 5.2.14
ibm rational license key server 8.1.5.1
ibm rational license key server 8.1.5.2
ibm planning analytics 2.0.3
ibm spectrum scale 5.0.0
ibm spectrum control 5.2.15
ibm cognos controller 10.3.1
ibm spectrum control 5.2.16
ibm rational license key server 8.1.5.3
ibm spectrum control 5.2.10.1
ibm rational asset analyzer 6.1.0.0
ibm spectrum control 5.2.15.2
ibm spectrum control 5.2.17.0
ibm websphere application server in cloud 8.5
ibm websphere application server in cloud 9.0
ibm planning analytics 2.0
ibm planning analytics 2.0.1
ibm planning analytics 2.0.2
ibm planning analytics 2.0.4
ibm planning analytics 2.0.5
ibm cognos controller 10.3.0
ibm websphere application server in cloud *
ibm integration bus 9.0.0.11
ibm integration bus 10.0.0.0
ibm elastic storage server 4.0.0
ibm elastic storage server 4.0.6
ibm elastic storage server 4.5.0
ibm elastic storage server 4.6.0
ibm elastic storage server 5.0.0
ibm cloud app management 2018.2.0
ibm event streams 2018.3.0
ibm rational license key server 8.1.5.4
ibm rational license key server 8.1.5.5
ibm security identity manager 7.0.1
ibm spectrum control 5.2.17.1
ibm cloud transformation advisor 1.8.0
ibm sterling b2b integrator 6.0.0.0
ibm event streams 2018.3.1
ibm security privileged identity manager 2.1.1
ibm rational license key server 8.1.5.6
ibm cloud application performance management 8.1.4
ibm websphere application server 2
ibm planning analytics 2.0.6
ibm websphere application server 2.0
ibm cloud app management 2018.4.0
ibm cloud app management 2018.4.1
ibm rational license key server 8.1.6
ibm cognos controller 10.4.0
ibm messagesight 5.0.0.0
ibm messagesight 5.0.0.1
ibm mobilefirst platform foundation 8.0.0
ibm cloud app management 2019.2.0
ibm voice gateway 1.0.1
ibm event streams 2019.1.1
ibm rational asset analyzer 6.1.0.20
ibm elastic storage server 5.3.0
ibm watson compare & comply 1.1.3
ibm watson compare & comply 1.1.4
ibm planning analytics 2.0.7
ibm sterling b2b integrator 6.0.1.0
ibm cloud app management 2018.2.0
ibm cloud app management 2018.4.0
ibm cloud app management 2018.4.1
ibm cloud app management 2019.2.0
ibm security access manager appliance firmware 8.0.1
ibm security access manager appliance 9.0
ibm cognos analytics 11.1
ibm cognos controller 10.4.1
ibm app connect 11.0.0.5
ibm integration bus 10.0.0.17