Lucene search

K
ibmIBM1455F404660FCFF4574A8636C05189B76DEE7EFC52AAE395C13962E8B14A9830
HistoryOct 21, 2018 - 7:50 p.m.

Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2018-1770), (CVE-2018-7810), (CVE-2018-1793), (CVE-2018-1794), (CVE-2018-1777)

2018-10-2119:50:01
www.ibm.com
14

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

Summary

WebSphere Application Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

These vulnerabilities affect the following versions and releases of IBM WebSphere Remote Server:
9.0, 8.5, 7.0

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server.

Principal Product and Version(s)

|

Affected Supporting Product and Version

|

Affected Supporting Product Security Bulletin

—|—|—

WebSphere Remote Server 9.0, 8.5, 7.0

|

WebSphere Application Server 9.0, 8.5, 8.0, 7.0

|

Potential traversal vulnerability in IBM WebSphere Application Server Admin Console (CVE-2018-1770)

WebSphere Remote Server 9.0, 8.5, 7.0

|

WebSphere Application Server 9.0, 8.5, 8.0, 7.0

|

Potential bypass security vulnerability in Expression Language library used by WebSphere Application Server (CVE-2014-7810)

WebSphere Remote Server 9.0, 8.5, 7.0

|

WebSphere Application Server 9.0, 8.5, 8.0, 7.0

|

Cross-site scripting vulnerability in SAML ear in WebSphere Application Server (CVE-2018-1793)

WebSphere Remote Server 9.0, 8.5, 7.0

|

WebSphere Application Server 9.0, 8.5, 8.0, 7.0

|

Cross-site scripting vulnerability in OAuth ear in WebSphere Application Server (CVE-2018-1794)

WebSphere Remote Server 9.0, 8.5, 7.0

|

WebSphere Application Server 9.0, 8.5, 8.0, 7.0

|

Potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console (CVE-2018-1777)

CPENameOperatorVersion
websphere remote servereqany

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

Related for 1455F404660FCFF4574A8636C05189B76DEE7EFC52AAE395C13962E8B14A9830