CVE-2019-4670: 
IBM WebSphere App Server vulnerability analysis and mitigation

CVE-2019-4670 is a security vulnerability affecting IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0. The vulnerability was disclosed on February 4, 2020, and involves an information disclosure issue in the WebSphere Application Server Admin Console caused by improper data representation (IBM Security).

The vulnerability has been assigned a CVSS Base score of 6.5 (Medium) with the vector string CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This scoring indicates that the vulnerability is network exploitable, requires low attack complexity, requires low privileges, needs no user interaction, and can result in high confidentiality impact without affecting integrity or availability (IBM Security).

The vulnerability could allow a remote attacker to obtain sensitive information from the WebSphere Application Server Admin Console due to improper data representation. The impact is primarily focused on confidentiality, with potential exposure of sensitive system information (IBM Security).

IBM has released fixes for all affected versions. For V9.0.0.0 through 9.0.5.2, users can either upgrade to Fix Pack 9.0.5.3 or later, or apply Interim Fix PH18947. For V8.5.0.0 through 8.5.5.16, users should upgrade to Fix Pack 8.5.5.17 or later, or apply Interim Fix PH18947. For V8.0.0.0 through 8.0.0.15, upgrade to 8.0.0.15 and apply Interim Fix PH18947. For V7.0.0.0 through 7.0.0.45, upgrade to 7.0.0.45 and apply Interim Fix PH18947. No workarounds are available (IBM Security).