vulnerability
IBM WebSphere Application Server: CVE-2019-17573: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-17573)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Jan 16, 2020 | Jun 9, 2020 | Aug 11, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Jan 16, 2020
Added
Jun 9, 2020
Modified
Aug 11, 2025
Description
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.
Solutions
ibm-was-install-8-5-ph22079-libertyibm-was-upgrade-8-5-20-0-0-3-liberty
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.