Recently, IBM issued a warning about an arbitrary file read vulnerability in WebSphere (CVE-2019-4505). The vulnerability allows a remote attacker to construct a special URL to access sensitive files on the server, which lets the attacker view any file in the directory.
Affected versions
- WebSphere Application Server Version 9.0
- WebSphere Application Server Version 8.5
- WebSphere Virtual Enterprise Version 8.0
- WebSphere Virtual Enterprise Version 7.0
Solution
For V9.0.0.0 to 9.0.5.0:
· Upgrade to the minimum fix pack level required by the interim fix, and then apply interim fix PH14796
- or -
· Apply Fix Pack 9.0.5.1 or later (targeted availability: third quarter of 2019).
For V8.5.0.0 to 8.5.5.16:
· Upgrade to the minimum fix pack level required by the interim fix, and then apply interim fix PH14796
- or -
· Apply Fix Pack 8.5.5.17 or later (targeted availability: first quarter of 2020).
For WebSphere Virtual Enterprise Edition:
For V7.0:
· Apply interim fix PH14796