Lucene search

IBM2550C20B34C7498DA6B51CE37BFE6E9597BF3F1E83701B79A8B4AEA4D63D815F

HistoryJun 16, 2018 - 8:12 p.m.

Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with Financial Transaction Manager (CVE-2017-1501)

2018-06-1620:12:10

www.ibm.com

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Summary

WebSphere Application Server is shipped with Financial Transaction Manager. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin
Security Bulletin: Potential security vulnerability in the WebSphere Application Server Admin Console (CVE-2017-1501)

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
Financial Transaction Manager for MP v2.0.0.0 through 2.0.0.5| WebSphere Application Server 7.0
Financial Transaction Manager for MP v2.1.0.0 through 2.1.0.4| WebSphere Application Server 8.0
Financial Transaction Manager for MP v2.1.1.0 through 2.1.1.4| WebSphere Application Server 8.0
Financial Transaction Manager for MP v3.0.0.0 through 3.0.0.8| WebSphere Application Server 8.5.5

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is/are shipped with Financial Transaction Manager.

Principal Product and Version(s)	Affected Supporting Product and Version	Affected Supporting Product Security Bulletin
Financial Transaction Manager for MP v2.0.0.0 through 2.0.0.5	WebSphere Application Server 7.0	Security Bulletin: Potential security vulnerability in the WebSphere Application Server Admin Console (CVE-2017-1501)
Financial Transaction Manager for MP v2.1.0.0 through 2.1.0.4	WebSphere Application Server 8.0
Financial Transaction Manager for MP v2.1.1.0 through 2.1.1.4	WebSphere Application Server 8.0
Financial Transaction Manager for MP v3.0.0.0 through 3.0.0.8	WebSphere Application Server 8.5.5

CPENameOperatorVersion
ibm financial transaction managereq2.0
ibm financial transaction managereq2.0.0
ibm financial transaction managereq2.0.0.0
ibm financial transaction managereq2.0.0.1
ibm financial transaction managereq2.0.0.2
ibm financial transaction managereq2.0.0.4
ibm financial transaction managereq2.0.0.5
ibm financial transaction managereq2.1
ibm financial transaction managereq2.1.0
ibm financial transaction managereq2.1.0.0

Name	Operator	Version
ibm financial transaction manager	eq	2.0
ibm financial transaction manager	eq	2.0.0
ibm financial transaction manager	eq	2.0.0.0
ibm financial transaction manager	eq	2.0.0.1
ibm financial transaction manager	eq	2.0.0.2
ibm financial transaction manager	eq	2.0.0.4
ibm financial transaction manager	eq	2.0.0.5
ibm financial transaction manager	eq	2.1
ibm financial transaction manager	eq	2.1.0
ibm financial transaction manager	eq	2.1.0.0

Rows per page:

1-10 of 371

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for 2550C20B34C7498DA6B51CE37BFE6E9597BF3F1E83701B79A8B4AEA4D63D815F