EUVD-2018-12377

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM WebSphere Application Server is vulnerable to cross-site scripting, risking credentials disclosure.

Reporter	Title	Published	Views	Family All 24
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2018-1798)	7 Dec 201814:50	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2018-1798)	28 Nov 201800:05	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2018-1797 and CVE-2018-1798)	28 Nov 201812:15	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2018-1798)	3 Jan 201900:00	–	ibm
IBM Security Bulletins	Security Bulletin: A Security Vulnerability in Websphere Application Server Affects Predictive Customer Intelligence (CVE-2018-1798)	11 Feb 202021:31	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins.	4 Dec 201814:25	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2018-1798)	14 Sep 202215:02	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2018-1798)	14 May 201906:40	–	ibm
IBM Security Bulletins	Security Bulletin: Potential cross-site scripting vulnerability in WebSphere Application Server using SIBMsgMigration Utility shipped with Jazz for Service Management (CVE-2018-1798)	3 Dec 201812:05	–	ibm
IBM Security Bulletins	Security Bulletin: Potential cross-site scripting vulnerability in WebSphere Application Server using SIBMsgMigration Utility (CVE-2018-1798)	6 Mar 201920:45	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "0180a642-d12f-38f0-b98c-61275345baef",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0234abb1-13dd-36ca-b438-6ab9b3dfc445",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0"
      },
      {
        "id": "04937b90-1ad6-3596-b0b0-cacb503fb914",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.5"
      },
      {
        "id": "1eb595ab-9f1f-37e6-a558-4353f10dd6a5",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.0"
      },
      {
        "id": "ac58eda8-3d1a-3b03-b25f-68cd72531131",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "7.0"
      }
    ]
  }
]

Source	Link
securitytracker	www.securitytracker.com/id/1042053
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/149428
ibm	www.ibm.com/support/docview.wss
securityfocus	www.securityfocus.com/bid/105945
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.5Medium risk

Vulners AI Score6.5

CVSS 36.1

CVSS 24.3

EPSS0.0045