Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM24154670B8CC3EB03C11F4CFFCD12D680AF81E5BF7B5E295FE2642969C84E9B2
HistoryJun 17, 2018 - 10:33 p.m.

Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management (CVE-2017-1121)

2018-06-1722:33:28
www.ibm.com
9

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Summary

IBM WebSphere Application Server is shipped with IBM Tivoli Integrated Portal.
IBM Tivoli Integrated Portal is in turn shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management.
Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
IBM SmartCloud Cost Management V2.1.0.1| Tivoli Integrated Portal V2.2.0.7

IBM WebSphere Application Server 7.0.0.19
IBM SmartCloud Cost Management V2.1.0| Tivoli Integrated Portal V2.2.0.1

IBM WebSphere Application Server 7.0.0.19

Tivoli Usage and Accounting Management V7.3.0.0, V7.3.0.1, V7.3.0.2, V7.3.0.3, V7.3.0.4| Tivoli Integrated Portal 2.2.0.0

IBM WebSphere Application Server 7.0.0.11

Remediation/Fixes

Refer to the following security bulletin for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with Tivoli Integrated Portal. Tivoli Integrated Portal is shipped with IBM SmartCloud Cost Management and IBM Tivoli Usage Accounting Manager.

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
IBM SmartCloud Cost Management V2.1.0.1 IBM WebSphere Application Server 7.0.0.19

Tivoli Integrated Portal V2.2.0.7 | Security Bulletin: Potential Cross-site scripting vulnerability in WebSphere Application Server (CVE-2017-1121)

Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Tivoli Integrated Portal (CVE-2017-1121, CVE-2016-5983, CVE-2016-8919)
IBM SmartCloud Cost Management V2.1.0| IBM WebSphere Application Server 7.0.0.19

Tivoli Integrated Portal V2.2.0.1
Tivoli Usage and Accounting Management 7.3.0.0, 7.3.0.1, 7.3.0.2, 7.3.0.3, 7.3.0.4| IBM WebSphere Application Server 7.0.0.11

Tivoli Integrated Portal 2.2.0.0

Workarounds and Mitigations

None

Related

ibm 150
openvas 2
nessus 3
cve 3
prion 3
checkpoint_advisories 1
ibm
ibm
Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Tivoli Integrated Portal (CVE-2017-1121, CVE-2016-5983, CVE-2016-8919)
2018-06-17 15:35:47
Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Jazz for Service Management (CVE-2017-1121, CVE-2016-5983, CVE-2016-8919)
2018-06-17 15:35:19
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-5983)
2018-06-17 22:33:19
openvas
openvas
IBM Websphere Application Server XSS and DoS Vulnerability
2017-02-14 00:00:00
IBM Websphere Application Server Code Execution vulnerability (Oct 2016)
2016-10-13 00:00:00
nessus
nessus
IBM WebSphere Application Server 7.0.0.x < 7.0.0.43 / 8.0.0.x < 8.0.0.14 / 8.5.x < 8.5.5.12 / 9.0.0.x < 9.0.0.4 SOAP Connectors DoS
2017-08-18 00:00:00
IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.11 / 9.0 < 9.0.0.2 Multiple Vulnerabilities
2016-11-03 00:00:00
IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.14 / 8.5 < 8.5.5.12 / 9.0 < 9.0.0.3 Admin Console Multiple XSS
2017-02-23 00:00:00
cve
cve
CVE-2016-8919
2017-02-01 22:59:00
CVE-2016-5983
2016-10-05 10:59:00
CVE-2017-1121
2017-02-13 22:59:00
prion
prion
Denial of service
2017-02-01 22:59:00
Code injection
2016-10-05 10:59:00
Cross site scripting
2017-02-13 22:59:00
checkpoint_advisories
checkpoint_advisories
IBM WebSphere WASPostParam cookie Untrusted Java Deserialization (CVE-2016-5983)
2016-10-30 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON
Related for 24154670B8CC3EB03C11F4CFFCD12D680AF81E5BF7B5E295FE2642969C84E9B2
ibm150openvas2nessus3cve3prion3checkpoint_advisories1