EUVD-2018-12376

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Vulnerability in IBM WebSphere allows directory traversal and file writing via crafted ZIP archives

Reporter	Title	Published	Views	Family All 28
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Rational products based on IBM Jazz technology	27 Nov 201819:45	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2018-1797 and CVE-2018-1798)	28 Nov 201812:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Tivoli Access Manager for e-business	29 Jan 201921:45	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins.	4 Dec 201814:25	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2018-1797)	17 Jan 202317:36	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager (CVE-2018-1797)	7 Dec 201814:50	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud	19 Dec 201816:50	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2018-1797)	28 Jun 202322:11	–	ibm
IBM Security Bulletins	WebSphere Application Server and IBM HTTP Server Security Bulletin List	13 Jul 202218:04	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2018-1797)	28 Jun 202322:11	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "d66a3ae5-abff-37a9-ac5f-97b2a813cabe",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "8b5bb2a8-a982-34aa-831f-f242bdd2c11e",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0"
      },
      {
        "id": "98aadfa4-5203-3f93-bff7-42ee4e373e80",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.5"
      },
      {
        "id": "998fb06e-31f3-30cf-bccc-07c48c166d31",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "7.0"
      },
      {
        "id": "9be721f3-ac98-3c2c-b5aa-ca5eb89b4a15",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.0"
      }
    ]
  }
]

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/149427
securityfocus	www.securityfocus.com/bid/105982
securitytracker	www.securitytracker.com/id/1042146
ibm	www.ibm.com/support/docview.wss
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.2Medium risk

Vulners AI Score6.2

CVSS 35.5 - 6.3

CVSS 24.3

EPSS0.00425