8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
There is a potential for weaker than expected security with the Administrative Console in WebSphere Application Server.
CVEID: CVE-2017-1137**
DESCRIPTION:** IBM WebSphere Application Server could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121549 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
This vulnerability affects the following versions and releases of IBM WebSphere Application Server:
The recommended solution is to apply the interim fix, Fix Pack or PTF containing APAR PI76088 for each named product as soon as practical. **
For WebSphere Application Server traditional and WebSphere Application Server Hypervisor edition:
**For V8.5.5.9 through 8.5.5.11 traditional:
ยท Apply Interim Fix PI76088
--ORโ
ยท Apply Fix Pack 8.5.5.12 or later. **
For V8.0.0.13 traditional:**
ยท Apply Interim Fix PI76088
--ORโ
ยท Apply Fix Pack 8.0.0.14 or later. **
**
CPE | Name | Operator | Version |
---|---|---|---|
websphere application server | eq | 8.5.5 | |
websphere application server | eq | 8.0 |
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P