Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2018-1901)

Summary

IBM WebSphere Application Server is shipped as a component of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a potential Privilege Escalation Vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Please consult the Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901) for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Version(s)

|

Affected Supporting Product and Version

—|—

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition V2.5, V2.5.0.1, V2.5.02. V2.5.0.3, V2.5.0.4, V2.5.0.5, V2.5.0.6, V2.5.0.7, V2.5.0.8

|

• WebSphere Application Server V8.5.5 through V8.5.5.14

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4, V2.4.0.5

|

• WebSphere Application Server V8.5.0.1 through V8.5.5.12

Workarounds and Mitigations

None