Lucene search

K
ibmIBM136DDBB187CA30DA1F912D98168C94224C5097A9B2069F211A06D131A899737E
HistorySep 21, 2021 - 9:48 a.m.

Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

2021-09-2109:48:03
www.ibm.com
5

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

89.9%

Summary

WebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerabilities have been identified in WebSphere Application Server and the information about their fixes are published in security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
Cloud Orchestrator 2.5.0.10

Remediation/Fixes

The recommended solution is to manually upgrade to the appropriate WebSphere Application Server Interim Fix on IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5.0.10.

Consult the following WebSphere Application Server security bulletins for the vulnerability details and information about their fixes:

Security Bulletin: WebSphere Application Server Java Batch is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2021-20492)

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server shipped with IBM Case Manager (CVE-2020-13938, CVE-2021-30641)

Security Bulletin: Multiple Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)

Security Bulletin: WebSphere Application Server is vulnerable to a Privilege Escalation vulnerability (CVE-2021-29736)

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud orchestratoreq2.5.0.10

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

89.9%

Related for 136DDBB187CA30DA1F912D98168C94224C5097A9B2069F211A06D131A899737E